About the vulnerability

An unauthenticated remote code execution (RCE) vulnerability (CVE-2021-44077) was identified in ManageEngine ServiceDesk Plus MSP. This vulnerability affects ServiceDesk Plus MSP customers of all editions using versions 10529 and below. We rate this vulnerability as critical and have noticed active exploitation of this vulnerability by cyberthreat actors. We strongly urge customers to upgrade to ServiceDesk Plus MSP versions 10530 and above.

  • Please note that this vulnerability is not new but was already identified and addressed on September 16, 2021 in versions 10530 and above, and an advisory was published as well.

    Read the advisory
  • IT service desk vulnerability
Service desk vulnerability exploit detection tool

Exploit detection tool

Use the exploit detection tool to run a quick scan and discover any compromises in your installation. The tool checks for the presence of any indicators of compromise associated with the CVE-2021-44077 vulnerability and notifies you if your system is infected.

Download the tool & check if you are compromised

How to use the exploit detection tool

Steps to move your ServiceDesk Plus MSP installation to a new server

Follow the steps below to move your ServiceDesk Plus MSP installation to a new server.

For any assistance regarding the vulnerability

Please feel free to contact our support team.

  • Call us toll-free at

    +1.888.720.9500.

Frequently asked questions

Expand All

This is an unauthenticated RCE vulnerability that was identified in ServiceDesk Plus MSP. It can allow an adversary to execute arbitrary code and carry out any subsequent attacks.

This vulnerability affects versions 10529 and below in ServiceDesk Plus MSP (all editions).

Click the Help link in the top-right corner of the ServiceDesk Plus MSP web client, and select About from the drop-down to see your current version. If your current version (all editions) is 10529 and below, you might be affected.

You can also run the exploit detection tool above to verify if your installation has been compromised.

 

  • If your server is affected, send us the following folders for further analysis:
  • \ManageEngine\ServiceDeskPlus-MSP\logs

    \ManageEngine\ServiceDeskPlus-MSP\webapps\ROOT\WEB-INF

    \ManageEngine\ServiceDeskPlus-MSP\bin.

    The scan tool checks for malicious files and entries in logs. At any given time, ServiceDesk Plus MSP maintains only 50 log files and so your server compromise may not be detectable in the log files.

    Further, please follow the steps mentioned above, to move your ServiceDesk Plus MSP installation to the new server.

 

You can upgrade to the latest version (10532) using the appropriate migration path.

Click the Help link in the top-right corner of the ServiceDesk Plus MSP web client, and select About from the drop-down to see your current version. If your current version (all editions) is 10529 and below, you might be affected.

The vulnerability has been addressed by fixing the security configuration process in ServiceDesk Plus MSP versions 10530 and above. You can upgrade to the latest version (10532) using the appropriate migration path.

We've put together this dedicated webpage to keep you up-to-date on the latest updates from our side, the technicalities of the vulnerability, our incident response plan, and recommended actions.