CISA Known Exploited Vulnerability

CVE-2021-44077

Zoho · ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus

Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability

Date added 2021-12-01

BOD 22-01 due date 2021-12-15

CWE CWE-306

Ransomware Unknown

CISA description

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2021-44077

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2021-44077
CVE.org · CVE-2021-44077
CISA KEV catalog (canonical)