CVE-2021-31159 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
zohocorp	manageengine_servicedesk_plus_msp	8.0 ≤ 𝑥 ≤ 9.4
zohocorp	manageengine_servicedesk_plus_msp	10.5:10500
zohocorp	manageengine_servicedesk_plus_msp	10.5:10501
zohocorp	manageengine_servicedesk_plus_msp	10.5:10502
zohocorp	manageengine_servicedesk_plus_msp	10.5:10503
zohocorp	manageengine_servicedesk_plus_msp	10.5:10504
zohocorp	manageengine_servicedesk_plus_msp	10.5:10505
zohocorp	manageengine_servicedesk_plus_msp	10.5:10506
zohocorp	manageengine_servicedesk_plus_msp	10.5:10507
zohocorp	manageengine_servicedesk_plus_msp	10.5:10508
zohocorp	manageengine_servicedesk_plus_msp	10.5:10509
zohocorp	manageengine_servicedesk_plus_msp	10.5:10510
zohocorp	manageengine_servicedesk_plus_msp	10.5:10511
zohocorp	manageengine_servicedesk_plus_msp	10.5:10512
zohocorp	manageengine_servicedesk_plus_msp	10.5:10513
zohocorp	manageengine_servicedesk_plus_msp	10.5:10514
zohocorp	manageengine_servicedesk_plus_msp	10.5:10515
zohocorp	manageengine_servicedesk_plus_msp	10.5:10516
zohocorp	manageengine_servicedesk_plus_msp	10.5:10517
zohocorp	manageengine_servicedesk_plus_msp	10.5:10518
zohocorp	manageengine_servicedesk_plus_msp	10.5:8000
zohocorp	manageengine_servicedesk_plus_msp	10.5:8001
zohocorp	manageengine_servicedesk_plus_msp	10.5:8002
zohocorp	manageengine_servicedesk_plus_msp	10.5:8003
zohocorp	manageengine_servicedesk_plus_msp	10.5:8004
zohocorp	manageengine_servicedesk_plus_msp	10.5:8100
zohocorp	manageengine_servicedesk_plus_msp	10.5:8101
zohocorp	manageengine_servicedesk_plus_msp	10.5:8102
zohocorp	manageengine_servicedesk_plus_msp	10.5:8103
zohocorp	manageengine_servicedesk_plus_msp	10.5:8104
zohocorp	manageengine_servicedesk_plus_msp	10.5:8105
zohocorp	manageengine_servicedesk_plus_msp	10.5:8200
zohocorp	manageengine_servicedesk_plus_msp	10.5:8201
zohocorp	manageengine_servicedesk_plus_msp	10.5:8202
zohocorp	manageengine_servicedesk_plus_msp	10.5:8203
zohocorp	manageengine_servicedesk_plus_msp	10.5:8204
zohocorp	manageengine_servicedesk_plus_msp	10.5:8205
zohocorp	manageengine_servicedesk_plus_msp	10.5:8206
zohocorp	manageengine_servicedesk_plus_msp	10.5:8207
zohocorp	manageengine_servicedesk_plus_msp	10.5:8208
zohocorp	manageengine_servicedesk_plus_msp	10.5:8209
zohocorp	manageengine_servicedesk_plus_msp	10.5:8210
zohocorp	manageengine_servicedesk_plus_msp	10.5:8211
zohocorp	manageengine_servicedesk_plus_msp	10.5:8300
zohocorp	manageengine_servicedesk_plus_msp	10.5:8301
zohocorp	manageengine_servicedesk_plus_msp	10.5:8302
zohocorp	manageengine_servicedesk_plus_msp	10.5:8303
zohocorp	manageengine_servicedesk_plus_msp	10.5:8304
zohocorp	manageengine_servicedesk_plus_msp	10.5:8305
zohocorp	manageengine_servicedesk_plus_msp	10.5:8306
zohocorp	manageengine_servicedesk_plus_msp	10.5:8307
zohocorp	manageengine_servicedesk_plus_msp	10.5:8308
zohocorp	manageengine_servicedesk_plus_msp	10.5:8309
zohocorp	manageengine_servicedesk_plus_msp	10.5:8310
zohocorp	manageengine_servicedesk_plus_msp	10.5:8311
zohocorp	manageengine_servicedesk_plus_msp	10.5:8312
zohocorp	manageengine_servicedesk_plus_msp	10.5:9000
zohocorp	manageengine_servicedesk_plus_msp	10.5:9001
zohocorp	manageengine_servicedesk_plus_msp	10.5:9002
zohocorp	manageengine_servicedesk_plus_msp	10.5:9003
zohocorp	manageengine_servicedesk_plus_msp	10.5:9004
zohocorp	manageengine_servicedesk_plus_msp	10.5:9005
zohocorp	manageengine_servicedesk_plus_msp	10.5:9006
zohocorp	manageengine_servicedesk_plus_msp	10.5:9007
zohocorp	manageengine_servicedesk_plus_msp	10.5:9008
zohocorp	manageengine_servicedesk_plus_msp	10.5:9009
zohocorp	manageengine_servicedesk_plus_msp	10.5:9201
zohocorp	manageengine_servicedesk_plus_msp	10.5:9203
zohocorp	manageengine_servicedesk_plus_msp	10.5:9204
zohocorp	manageengine_servicedesk_plus_msp	10.5:9205
zohocorp	manageengine_servicedesk_plus_msp	10.5:9206
zohocorp	manageengine_servicedesk_plus_msp	10.5:9207
zohocorp	manageengine_servicedesk_plus_msp	10.5:9208
zohocorp	manageengine_servicedesk_plus_msp	10.5:9209
zohocorp	manageengine_servicedesk_plus_msp	10.5:9210
zohocorp	manageengine_servicedesk_plus_msp	10.5:9300
zohocorp	manageengine_servicedesk_plus_msp	10.5:9301
zohocorp	manageengine_servicedesk_plus_msp	10.5:9302
zohocorp	manageengine_servicedesk_plus_msp	10.5:9303
zohocorp	manageengine_servicedesk_plus_msp	10.5:9304
zohocorp	manageengine_servicedesk_plus_msp	10.5:9305
zohocorp	manageengine_servicedesk_plus_msp	10.5:9306
zohocorp	manageengine_servicedesk_plus_msp	10.5:9307
zohocorp	manageengine_servicedesk_plus_msp	10.5:9308
zohocorp	manageengine_servicedesk_plus_msp	10.5:9400
zohocorp	manageengine_servicedesk_plus_msp	10.5:9401
zohocorp	manageengine_servicedesk_plus_msp	10.5:9402
zohocorp	manageengine_servicedesk_plus_msp	10.5:9403
zohocorp	manageengine_servicedesk_plus_msp	10.5:9404
zohocorp	manageengine_servicedesk_plus_msp	10.5:9405
zohocorp	manageengine_servicedesk_plus_msp	10.5:9406
zohocorp	manageengine_servicedesk_plus_msp	10.5:9407
zohocorp	manageengine_servicedesk_plus_msp	10.5:9408
zohocorp	manageengine_servicedesk_plus_msp	10.5:9409
zohocorp	manageengine_servicedesk_plus_msp	10.5:9410
zohocorp	manageengine_servicedesk_plus_msp	10.5:9411
zohocorp	manageengine_servicedesk_plus_msp	10.5:9412
zohocorp	manageengine_servicedesk_plus_msp	10.5:9413
zohocorp	manageengine_servicedesk_plus_msp	10.5:9414
zohocorp	manageengine_servicedesk_plus_msp	10.5:9415
zohocorp	manageengine_servicedesk_plus_msp	10.5:9416
zohocorp	manageengine_servicedesk_plus_msp	10.5:9417
zohocorp	manageengine_servicedesk_plus_msp	10.5:9418
zohocorp	manageengine_servicedesk_plus_msp	10.5:9419
zohocorp	manageengine_servicedesk_plus_msp	10.5:9420
zohocorp	manageengine_servicedesk_plus_msp	10.5:9421
zohocorp	manageengine_servicedesk_plus_msp	10.5:9422
zohocorp	manageengine_servicedesk_plus_msp	10.5:9423
zohocorp	manageengine_servicedesk_plus_msp	10.5:9424
zohocorp	manageengine_servicedesk_plus_msp	10.5:9425
zohocorp	manageengine_servicedesk_plus_msp	10.5:9426
zohocorp	manageengine_servicedesk_plus_msp	10.5:9427

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-209 - Generation of Error Message Containing Sensitive Information
The software generates an error message that includes sensitive information about its environment, users, or associated data.

References

http://packetstormsecurity.com/files/163192/Zoho-ManageEngine-ServiceDesk-Plus-9.4-User-Enumeration.html

https://github.com/ricardojoserf/CVE-2021-31159

https://www.manageengine.com

https://www.manageengine.com/products/service-desk-msp/readme.html#10519

http://packetstormsecurity.com/files/163192/Zoho-ManageEngine-ServiceDesk-Plus-9.4-User-Enumeration.html

https://github.com/ricardojoserf/CVE-2021-31159

https://www.manageengine.com

https://www.manageengine.com/products/service-desk-msp/readme.html#10519