Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2021-44077

🗓️ 29 Nov 2021 03:17:45Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 1152 Views🌐 WEB

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution

Related
Detection
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today		ManageEngine ServiceDesk Plus Remote Code Execution Exploit
28 Dec 202100:00
zdt
GithubExploit		Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine_Servicedesk_Plus
8 Dec 202120:24
githubexploit
GithubExploit		Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine_Servicedesk_Plus
29 Sep 202214:07
githubexploit
ICS		APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
6 Dec 202112:00
ics
ATTACKERKB		CVE-2021-44077
29 Nov 202100:00
attackerkb
Circl		CVE-2021-44077
3 Dec 202111:08
circl
CISA KEV Catalog		Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
1 Dec 202100:00
cisa_kev
CISA		CISA Adds Five Known Exploited Vulnerabilities to Catalog
1 Dec 202100:00
cisa
CISA		CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
2 Dec 202100:00
cisa
CNNVD		ZOHO ManageEngine ServiceDesk Plus 访问控制错误漏洞
29 Nov 202100:00
cnnvd
Rows per page
NVD
Node
zohocorpmanageengine_servicedesk_plusRange<11.1
OR
zohocorpmanageengine_servicedesk_plusMatch11.111138
OR
zohocorpmanageengine_servicedesk_plusMatch11.111139
OR
zohocorpmanageengine_servicedesk_plusMatch11.111140
OR
zohocorpmanageengine_servicedesk_plusMatch11.111141
OR
zohocorpmanageengine_servicedesk_plusMatch11.111142
OR
zohocorpmanageengine_servicedesk_plusMatch11.111143
OR
zohocorpmanageengine_servicedesk_plusMatch11.111144
OR
zohocorpmanageengine_servicedesk_plusMatch11.111145
OR
zohocorpmanageengine_servicedesk_plusMatch11.211200
OR
zohocorpmanageengine_servicedesk_plusMatch11.211201
OR
zohocorpmanageengine_servicedesk_plusMatch11.211202
OR
zohocorpmanageengine_servicedesk_plusMatch11.211203
OR
zohocorpmanageengine_servicedesk_plusMatch11.211204
OR
zohocorpmanageengine_servicedesk_plusMatch11.211205
OR
zohocorpmanageengine_servicedesk_plusMatch11.211206
OR
zohocorpmanageengine_servicedesk_plusMatch11.211207
OR
zohocorpmanageengine_servicedesk_plusMatch11.211208
OR
zohocorpmanageengine_servicedesk_plusMatch11.211209
OR
zohocorpmanageengine_servicedesk_plusMatch11.211210
OR
zohocorpmanageengine_servicedesk_plusMatch11.211211
OR
zohocorpmanageengine_servicedesk_plusMatch11.311300
OR
zohocorpmanageengine_servicedesk_plusMatch11.311301
OR
zohocorpmanageengine_servicedesk_plusMatch11.311302
OR
zohocorpmanageengine_servicedesk_plusMatch11.311303
OR
zohocorpmanageengine_servicedesk_plusMatch11.311304
OR
zohocorpmanageengine_servicedesk_plusMatch11.311305
OR
zohocorpmanageengine_servicedesk_plus_mspRange<10.5
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510500
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510501
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510502
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510503
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510504
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510505
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510506
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510507
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510508
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510509
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510510
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510511
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510512
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510513
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510514
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510515
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510516
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510517
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510518
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510519
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510520
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510521
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510522
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510523
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510524
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510525
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510526
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510527
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510528
OR
zohocorpmanageengine_servicedesk_plus_mspMatch10.510529
OR
zohocorpmanageengine_supportcenter_plusRange<11.0
OR
zohocorpmanageengine_supportcenter_plusMatch11.011000
OR
zohocorpmanageengine_supportcenter_plusMatch11.011001
OR
zohocorpmanageengine_supportcenter_plusMatch11.011002
OR
zohocorpmanageengine_supportcenter_plusMatch11.011003
OR
zohocorpmanageengine_supportcenter_plusMatch11.011004
OR
zohocorpmanageengine_supportcenter_plusMatch11.011005
OR
zohocorpmanageengine_supportcenter_plusMatch11.011006
OR
zohocorpmanageengine_supportcenter_plusMatch11.011007
OR
zohocorpmanageengine_supportcenter_plusMatch11.011008
OR
zohocorpmanageengine_supportcenter_plusMatch11.011009
OR
zohocorpmanageengine_supportcenter_plusMatch11.011010
OR
zohocorpmanageengine_supportcenter_plusMatch11.011011
OR
zohocorpmanageengine_supportcenter_plusMatch11.011012
OR
zohocorpmanageengine_supportcenter_plusMatch11.011013
SourceLink
pitstopwww.pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013
pitstopwww.pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021
pitstopwww.pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above
pitstopwww.pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529
packetstormsecuritywww.packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html
cisawww.cisa.gov/known-exploited-vulnerabilities-catalog
ParameterPositionPathDescriptionCWE
theFilebinary/RestAPI/ImportTechniciansUnauthenticated upload of msiexec.exe via ImportTechnicians enables RCE on vulnerable builds.CWE-306
stepbinary/RestAPI/ImportTechniciansUnauthenticated upload of msiexec.exe via ImportTechnicians enables RCE on vulnerable builds.CWE-306
executerequest body/RestAPI/s247actionTrigger execution endpoint to run installation process after upload.CWE-306
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Oct 2025 14:44Current
9.7High risk
Vulners AI Score9.7
CVSS 27.5
CVSS 3.19.8
EPSS0.943
SSVC
CWE-306In Wild
cve-2021-44077zohomanageengineservicedeskremote code executionsecurity vulnerabilitynvdunauthenticated access
1152