CVE-2021-43296 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0:11001
zohocorp	manageengine_supportcenter_plus	11.0:11002
zohocorp	manageengine_supportcenter_plus	11.0:11003
zohocorp	manageengine_supportcenter_plus	11.0:11004
zohocorp	manageengine_supportcenter_plus	11.0:11005
zohocorp	manageengine_supportcenter_plus	11.0:11006
zohocorp	manageengine_supportcenter_plus	11.0:11007
zohocorp	manageengine_supportcenter_plus	11.0:11008
zohocorp	manageengine_supportcenter_plus	11.0:11009
zohocorp	manageengine_supportcenter_plus	11.0:11010
zohocorp	manageengine_supportcenter_plus	11.0:11011
zohocorp	manageengine_supportcenter_plus	11.0:11012
zohocorp	manageengine_supportcenter_plus	11.0:11013
zohocorp	manageengine_supportcenter_plus	11.0:11014
zohocorp	manageengine_supportcenter_plus	11.0:11015

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

https://manageengine.com

https://www.manageengine.com/products/support-center/readme.html#11016

https://manageengine.com

https://www.manageengine.com/products/support-center/readme.html#11016