www.manageengine.com
207.224.234.120
Public Scan
URL:
https://www.manageengine.com/products/service-desk/security-response-plan.html
Submission: On December 13 via api from US — Scanned from DE
Form analysis
2 forms found in the DOM
Name: form-hockey_v1 — https://www.manageengine.com/search-results.html
<form id="cse-search-box" action="https://www.manageengine.com/search-results.html" name="form-hockey_v1"> <input id="hockey_v1-query" type="text" placeholder="Search..." value="" class="newsearchbox fl" name="query"> </form>
Name: subscribe — POST https://www.manageengine.com/newsletter-thanks.html
<form onsubmit="return subscribeNl()" method="post" name="subscribe" action=" https://www.manageengine.com/newsletter-thanks.html">
<div class="clearfix pr"><span class="footer-subscribenewsletteremail">Email *</span><span class="footer-subscribenewslettersubmit">Subscribe</span></div>
</form>
Text Content
SECURITY RESPONSE PLAN FOR UNAUTHENTICATED RCE VULNERABILITY (CVE-2021-44077)

Vulnerability fixed: Update to ServiceDesk Plus build 11306 or above immediately →

ABOUT THE VULNERABILITY

An unauthenticated remote code execution (RCE) vulnerability (CVE-2021-44077) was identified in ManageEngine ServiceDesk Plus. This vulnerability affects ServiceDesk Plus (on-premises) customers of all editions using versions 11305 and below. We rate this vulnerability as critical and have noticed active exploitation of this vulnerability by cyberthreat actors. We strongly urge customers to upgrade to ServiceDesk Plus versions 11306 and above.

* Please note that this vulnerability is not new but was already identified and addressed on September 16, 2021 in versions 11306 and above, and an advisory was published as well. Read the advisory →

EXPLOIT DETECTION TOOL

Use the exploit detection tool to run a quick scan and discover any compromises in your installation. The tool checks for the presence of any indicators of compromise associated with the CVE-2021-44077 vulnerability and notifies you if your system is infected.
Download the tool & check if you are compromised →

HOW TO USE THE EXPLOIT DETECTION TOOL

* Start > Run and type "services.msc" and hit Enter or press OK.
* Locate and stop the "ManageEngine ServiceDesk Plus" service.
* Download the exploit detection tool (Zip file).
* Extract the Zip file to \ManageEngine\ServiceDesk
* Go to the extracted folder: \ManageEngine\ServiceDesk\FindVulnerableFile.
* Right-click the RCEScan.bat file and choose Run as Administrator. A command window will open and the scan will be initiated.

If your server is affected, you will get one of the following messages:

"Your server has been compromised by an Unauthenticated RCE attack. Isolate the ServiceDesk Plus server from the network immediately and contact ServiceDesk Plus support for more assistance."

Or

"Unknown and/or modified files have been detected in your server. Please send the vulnerablefiles.txt from ManageEngine/ServiceDesk/FindVulnerableFile to support@servicedeskplus.com and mention the subject as "CVE-2021-44077" so that we can check if your server has been compromised."

* If your server is affected, send us the following folders for further analysis:
    ManageEngine\ServiceDesk\logs
    \ManageEngine\ServiceDesk\webapps\ROOT\WEB-INF
    \ManageEngine\ServiceDesk\bin
  The scan tool checks for malicious files and entries in logs. At any given time, ServiceDesk Plus maintains only 50 log files and so your server compromise may not be detectable in the log files.
* On the other hand, if you have already migrated to ServiceDesk Plus 11306 or later, your ServiceDesk Plus installation is secure and no longer vulnerable to any new attacks. However, the system could have been compromised before the upgrade. As for fresh installations of ServiceDesk Plus starting from build 11306 or later, they are secure and will not be impacted by this vulnerability. So, as a precautionary measure, please move your installation to a new server by following the procedure below.
STEPS TO MOVE YOUR SERVICEDESK PLUS INSTALLATION TO A NEW SERVER

Follow the steps below to move your ServiceDesk Plus installation to a new server.

* Step 1: Disconnect your server from the network.
* Step 2: Back up ServiceDesk Plus data:
  * Environments using PostgreSQL database:
    * Open command prompt.
    * Navigate to \ManageEngine\ServiceDesk\pgsql\bin
    * Execute the following command:
        pg_dump -U {user-name} {source_db} -f {dumpfilename.sql}
      Note: A backup will be created with the file name "dumpfilename.sql". Take a copy of this file to restore ServiceDesk Plus data.
  * Environments using Microsoft SQL Server database: Disconnect the Microsoft SQL Server.
* Step 3: Back up the files under the following directories:
  Note: Before making a backup, make sure that there are no executable files in these directories. Typical format for names of executable files: *.exe, *.jsp, *.bat, *.sh, etc. If you find unrecognizable executable files in any of the directories, contact support for further assistance.
    \ManageEngine\ServiceDesk\fileAttachments
    \ManageEngine\ServiceDesk\inlineimages
    \ManageEngine\ServiceDesk\LuceneIndex
    \ManageEngine\ServiceDesk\conf
    \ManageEngine\ServiceDesk\custom
    \ManageEngine\ServiceDesk\app_relationships
    \ManageEngine\ServiceDesk\integration
    \ManageEngine\ServiceDesk\archive
    \ManageEngine\ServiceDesk\zreports
    \ManageEngine\ServiceDesk\lib\AdventNetLicense.xml
    \ManageEngine\ServiceDesk\ZIA\dataset
    \ManageEngine\ServiceDesk\ImportResults
* Step 4: Set up a new server to install ServiceDesk Plus afresh.
* Step 5: Download and install the same version of ServiceDesk Plus on the new server.
* Step 6: Restore data (if you were using the built-in PostgreSQL database) by using the backup file created or connect to the database (if you were using Microsoft SQL Server database).
  To restore data in PostgreSQL setups, follow these steps:
  * Copy the backup file "dumpfilename.sql" to \ManageEngine\ServiceDesk\pgsql\bin
  * Open command prompt.
  * Navigate to \ManageEngine\ServiceDesk\bin
  * Execute the following command:
      startDB.bat 65432
  * Navigate to \ManageEngine\ServiceDesk\pgsql\bin
  * Execute the following commands:
      psql -h localhost -p 65432 -U postgres -d servicedesk query
      \c postgres
      drop database servicedesk;
      create database servicedesk;
      \q or quit
      psql -h localhost -p 65432 -U {user-name} -d servicedesk -f {dumpfilename.sql}
  * Navigate to \ManageEngine\ServiceDesk\bin
  * Execute the following command:
      stopdb.bat 65432
* Step 7: Restore the backed up files (obtained in Step 3) to their respective directories.
* Step 8: Upgrade ServiceDesk Plus to the latest version. See: Migration Sequence.

FOR ANY ASSISTANCE REGARDING THE VULNERABILITY

Please feel free to contact our support team.

* Write to us at support@servicedeskplus.com
* Call us toll-free at +1.888.720.9500.

FREQUENTLY ASKED QUESTIONS

1. What is the CVE-2021-44077 vulnerability?
This is an unauthenticated RCE vulnerability that was identified in the on-premises model of ServiceDesk Plus. It can allow an adversary to execute arbitrary code and carry out any subsequent attacks.

2. Which versions of ServiceDesk Plus have this vulnerability?
This vulnerability affects versions 11305 and below in the on-premises model of ServiceDesk Plus (all editions).

3. How do I know if I've been affected by this vulnerability?
Click the Help link in the top-right corner of the ServiceDesk Plus web client, and select About from the drop-down to see your current version. If your current version (all editions) is 11305 and below, you might be affected. You can also run the exploit detection tool above to verify if your installation has been compromised.

4. What should I do if my installation is compromised?
* If your server is affected, send us the following folders for further analysis:
    ManageEngine\ServiceDesk\logs
    \ManageEngine\ServiceDesk\webapps\ROOT\WEB-INF
    \ManageEngine\ServiceDesk\bin
  The scan tool checks for malicious files and entries in logs. At any given time, ServiceDesk Plus maintains only 50 log files and so your server compromise may not be detectable in the log files. Further, please follow the steps mentioned above to move your ServiceDesk Plus installation to the new server.

5. How do I upgrade ServiceDesk Plus to the latest version?
You can upgrade to the latest version (12001) using the appropriate migration path.

6. How do I find my current version number?
Click the Help link in the top-right corner of the ServiceDesk Plus web client, and select About from the drop-down to see your current version. If your current version (all editions) is 11305 and below, you might be affected.

7. Are there any work-arounds that address this vulnerability if I can't update immediately?
We strongly recommend you upgrade to the latest version; however, if you are not able to do so, please follow the steps below to modify the web.xml and struts-config.xml files to mitigate the issue.
Step 1: Open the web.xml file from the following location:
    <sdp_home>/webapps/ROOT/WEB-INF/web.xml

Step 2: Replace the following lines
    <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>/RestAPI/*</url-pattern>
    </servlet-mapping>
with the code below:
    <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>/RestAPI/WC/TwoFactorAction</url-pattern>
        <url-pattern>/RestAPI/TwoFactorAction</url-pattern>
    </servlet-mapping>

Step 3: Open the struts-config.xml file from the following location:
    <sdp_home>/webapps/ROOT/WEB-INF/struts-config.xml

Step 4: Remove the following lines:
    <form-bean name="ImportTechnicians" type="com.adventnet.servicedesk.setup.form.ImportTechniciansForm"/>
and
    <action name="ImportTechnicians" path="/ImportTechnicians" scope="request" type="com.adventnet.servicedesk.setup.action.ImportTechniciansAction">
        <forward name="GetInputFile" path="/setup/GetTechInputFile.jsp"/>
        <forward name="ImportConfirmation" path="/setup/TechImportConfirmation.jsp"/>
        <forward name="MapFields" path="/setup/TechMapFields.jsp"/>
    </action>

Step 5: In the same struts-config.xml file, please modify the following lines:
    <action path="/TwoFactorAction" ...
    <action path="/WC/TwoFactorAction" .....
as shown below:
    <action path="/RestAPI/TwoFactorAction" ...
    <action path="/RestAPI/WC/TwoFactorAction" ...

Step 6: Restart the system for the changes in the web.xml and struts-config.xml files to take effect.

These modifications to web.xml and struts-config.xml should mitigate the issue.

8. What is ManageEngine doing to address this vulnerability?
The vulnerability has been addressed by fixing the security configuration process in ServiceDesk Plus versions 11306 and above. You can upgrade to the latest version (12001) using the appropriate migration path.

9. Where can I get complete details about this vulnerability and the recommended actions?
We've put together this dedicated webpage to keep you up-to-date on the latest updates from our side, the technicalities of the vulnerability, our incident response plan, and recommended actions.

ManageEngine is a division of Zoho Corp. © 2021 Zoho Corp. All rights reserved.