Zoho ManageEngine ServiceDesk Plus prior to 11306, ServiceDesk Plus MSP prior to 10530, and SupportCenter Plus prior to 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
Vulnerable Product |
---|
zohocorp manageengine servicedesk plus 11.2 |
zohocorp manageengine servicedesk plus msp 10.5 |
zohocorp manageengine servicedesk plus 11.3 |
zohocorp manageengine servicedesk plus 11.1 |
zohocorp manageengine supportcenter plus |
zohocorp manageengine servicedesk plus msp |
zohocorp manageengine supportcenter plus 11.0 |
Increase in espionage and cyberattacks since law requiring vulnerabilities first be reported to Beijing
Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities. China's 2021 law required organizations to report security vulnerabilities to local authorities before disclosing them to any other entity. The rules mean Beijing can use local research to hoard vulnerability information. A year later, researchers from the Atlantic Council found there was a decrease in reported vulne...