CVE-2021-31160
published 2021-06-29
CVE-2021-31160: Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
Priority P3 47 · high 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 3.52% (87.8th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | — | — |
| zohocorp | manageengine_servicedesk_plus_msp | < 10.5 | 10.5 |
| zohocorp | manageengine_servicedesk_plus_msp | — | — |
CVSS provenance
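| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 6.1 | MEDIUM | — |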
OSV
jqueryui vulnerability
osv·2022-09-09·CVSS 6.1
CVE-2021-41184 jqueryui vulnerability
It was discovered that jQuery UI did not properly validate the values from
untrusted sources. An attacker could use this vulnerability to cause a crash or
possibly execute arbitrary code. This issue affected only Ubuntu 18.04 ESM and
Ubuntu 20.4 ESM. (CVE-2021-41184)
It was discovered that jQuery UI checkboxradio widget did not properly decode
certain values from HTML entities. An attacker could possibly use this issue to
generate a cross-site scripting (XSS) attack, resulting in a crash or possibly
execute arbitrary code. (CVE-2022-31160)
GHSA
GHSA-2c4q-25x9-p644: Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data
ghsa_unreviewed·2022-05-24
CVE-2021-31160 [HIGH] GHSA-2c4q-25x9-p644: Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31160
https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/
https://www.manageengine.com/products/service-desk-msp/readme.html#10521
Published: 2021-06-29