CVE-2021-44077 Zoho CVE debrief

Who should care

Administrators and security teams responsible for Zoho ManageEngine ServiceDesk Plus (SDP) and SupportCenter Plus, especially any internet-facing or broadly accessible deployments. Incident response and vulnerability management teams should also prioritize it because CISA lists the flaw as known exploited.

Technical summary

The available official records identify CVE-2021-44077 as a remote code execution vulnerability affecting Zoho ManageEngine ServiceDesk Plus / SupportCenter Plus. The CISA KEV entry states that affected users should apply updates per vendor instructions. No additional technical details were supplied in the corpus here, so this summary is limited to the official classification and mitigation guidance.

Defensive priority

Urgent. CISA’s Known Exploited Vulnerabilities catalog indicates this issue is being actively exploited, so remediation should be prioritized ahead of routine patch cycles.

Recommended defensive actions

• Apply updates per vendor instructions as directed in the CISA KEV entry.
• Confirm whether any ManageEngine ServiceDesk Plus or SupportCenter Plus instances exist in the environment.
• Prioritize exposed or production systems for immediate remediation.
• Review relevant logs and alerts for signs of unauthorized activity around the affected services.
• If patching is delayed, reduce exposure by limiting access to the application to trusted networks and administrators only.

Evidence notes

This debrief is based only on the supplied official sources: the CISA KEV JSON entry, the CVE record link, and the NVD detail link. The KEV record identifies the product family, classifies the issue as a remote code execution vulnerability, lists it as known exploited, and sets a due date of 2021-12-15 for applying updates per vendor instructions. No CVSS score was provided in the supplied data.

Official resources