CVE-2021-31159

Published: 16/06/2021 Updated: 09/07/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Zoho ManageEngine ServiceDesk Plus MSP prior to 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.

Vulnerable Product

zohocorp manageengine servicedesk plus msp

zohocorp manageengine servicedesk plus msp 10.5

Exploits

Zoho ManageEngine ServiceDesk Plus version 94 suffers from a user enumeration vulnerability ...

Github Repositories

Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User Enumeration (CVE-2021-31159) - https://ricardojoserf.github.io/CVE-2021-31159/

This script takes advantage of ServiceDesk Plus before build 10519 having different output in the password recovery functionality: if the user exists, it returns a message claiming an email has been sent, but if it does not exist, the message is always the same. Knowing this, it is possible