Lucene search
China National Vulnerability DatabaseCNVD-2021-94826HistoryDec 02, 2021 - 12:00 a.m.
ZOHO ManageEngine SupportCenter Plus server-side request forgery vulnerability
2021-12-0200:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
zoho manageengine
supportcenter plus
server-side
request forgery
vulnerability
web-based
customer support
software
authentication
EPSS
0.004
Percentile
74.8%
ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO, Inc. Used to allow organizations to effectively manage customer requests, their account and contact information, and service contracts, and in the process provide a superior customer experience, ZOHO ManageEngine SupportCenter Plus is vulnerable to a server-side request forgery vulnerability that stems from the productβs ActionExecutor module not effectively authenticating the userβs identity. An attacker could use this vulnerability to obtain sensitive data.
Related
cvelist
cvelist
CVE-2021-43296
2021-11-30 18:40:54
nvd
nvd
CVE-2021-43296
2021-11-30 19:15:10
prion
prion
Server side request forgery (ssrf)
2021-11-30 19:15:00
cve
cve
CVE-2021-43296
2021-11-30 19:15:10