CyberSec.Space Logo
Back to CVE Browser

CVE-2021-31160

HIGH
7.5
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile24.71th
PublishedJun 29, 2021
Last ModifiedMay 30, 2025

Vulnerability Description

Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.

Affected Platforms (CPE)

πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

< 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus Msp

= 10.5

References & Advisories

πŸ”— https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31160
πŸ”— https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/
πŸ”— https://www.manageengine.com/products/service-desk-msp/readme.html#10521
πŸ”— https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/
πŸ”— https://www.manageengine.com/products/service-desk-msp/readme.html#10521

Related Vulnerabilities

CVE-2021-445269.8

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.

CVE-2021-315319.8

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).

CVE-2019-83959.8

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 1000...

CVE-2021-374159.8

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without aut...