CVE-2021-31159

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://packetstormsecurity.com/files/163192/Zoho-ManageEngine-ServiceDesk-Plus-9.4-User-Enumeration.html Exploit Third Party Advisory VDB Entry
https://github.com/ricardojoserf/CVE-2021-31159 Exploit Third Party Advisory
https://www.manageengine.com Product
https://www.manageengine.com/products/service-desk-msp/readme.html#10519 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10500:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10501:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10502:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10503:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10504:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10505:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10506:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10507:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10508:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10509:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10510:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10511:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10512:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10513:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10514:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10515:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10516:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10517:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10518:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8003:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8004:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8105:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8201:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8202:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8203:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8204:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8205:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8206:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8207:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8208:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8209:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8210:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8211:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8301:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8302:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8303:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8304:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8305:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8306:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8307:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8308:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8309:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8310:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8311:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:8312:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9003:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9004:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9005:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9006:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9007:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9008:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9009:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9201:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9203:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9204:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9205:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9206:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9207:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9208:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9209:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9210:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9301:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9302:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9303:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9304:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9305:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9306:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9307:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9308:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9400:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9401:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9402:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9403:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9404:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9405:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9406:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9407:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9408:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9409:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9410:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9411:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9412:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9413:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9414:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9415:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9416:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9417:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9418:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9419:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9420:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9421:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9422:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9423:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9424:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9425:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9426:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:9427:*:*:*:*:*:*
History

No history.

Information

Published : 2021-06-16 13:15

Updated : 2021-07-09 12:49

NVD link : CVE-2021-31159

Mitre link : CVE-2021-31159

CVE.ORG link : CVE-2021-31159

JSON object : View

Products Affected

zohocorp

  • manageengine_servicedesk_plus_msp
CWE
CWE-209

Generation of Error Message Containing Sensitive Information