Exploited | CWE-306

CVE-2021-37415: Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability

First published: Wed Sep 01 2021

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows a few REST-API URLs to be accessed without authentication.

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix
ManageEngine ServiceDesk Plus
Zohocorp ManageEngine ServiceDesk Plus=11.0-11005
Zohocorp ManageEngine ServiceDesk Plus=11.0-11006
Zohocorp ManageEngine ServiceDesk Plus=11.0-11007
Zohocorp ManageEngine ServiceDesk Plus=11.0-11008
Zohocorp ManageEngine ServiceDesk Plus=11.0-11009
Zohocorp ManageEngine ServiceDesk Plus=11.0-11010
Zohocorp ManageEngine ServiceDesk Plus=11.0-11011
Zohocorp ManageEngine ServiceDesk Plus=11.1
Zohocorp ManageEngine ServiceDesk Plus=11.1-11100
Zohocorp ManageEngine ServiceDesk Plus=11.1-11101
Zohocorp ManageEngine ServiceDesk Plus=11.1-11102
Zohocorp ManageEngine ServiceDesk Plus=11.1-11103
Zohocorp ManageEngine ServiceDesk Plus=11.1-11104
Zohocorp ManageEngine ServiceDesk Plus=11.1-11105
Zohocorp ManageEngine ServiceDesk Plus=11.1-11106
Zohocorp ManageEngine ServiceDesk Plus=11.1-11107
Zohocorp ManageEngine ServiceDesk Plus=11.1-11108
Zohocorp ManageEngine ServiceDesk Plus=11.1-11109
Zohocorp ManageEngine ServiceDesk Plus=11.1-11110
Zohocorp ManageEngine ServiceDesk Plus=11.1-11111
Zohocorp ManageEngine ServiceDesk Plus=11.1-11112
Zohocorp ManageEngine ServiceDesk Plus=11.1-11113
Zohocorp ManageEngine ServiceDesk Plus=11.1-11114
Zohocorp ManageEngine ServiceDesk Plus=11.1-11115
Zohocorp ManageEngine ServiceDesk Plus=11.1-11116
Zohocorp ManageEngine ServiceDesk Plus=11.1-11117
Zohocorp ManageEngine ServiceDesk Plus=11.1-11118
Zohocorp ManageEngine ServiceDesk Plus=11.1-11119
Zohocorp ManageEngine ServiceDesk Plus=11.1-11120
Zohocorp ManageEngine ServiceDesk Plus=11.1-11121
Zohocorp ManageEngine ServiceDesk Plus=11.1-11122
Zohocorp ManageEngine ServiceDesk Plus=11.1-11123
Zohocorp ManageEngine ServiceDesk Plus=11.1-11124
Zohocorp ManageEngine ServiceDesk Plus=11.1-11125
Zohocorp ManageEngine ServiceDesk Plus=11.1-11126
Zohocorp ManageEngine ServiceDesk Plus=11.1-11127
Zohocorp ManageEngine ServiceDesk Plus=11.1-11128
Zohocorp ManageEngine ServiceDesk Plus=11.1-11129
Zohocorp ManageEngine ServiceDesk Plus=11.1-11130
Zohocorp ManageEngine ServiceDesk Plus=11.1-11131
Zohocorp ManageEngine ServiceDesk Plus=11.1-11132
Zohocorp ManageEngine ServiceDesk Plus=11.1-11133
Zohocorp ManageEngine ServiceDesk Plus=11.1-11134
Zohocorp ManageEngine ServiceDesk Plus=11.1-11135
Zohocorp ManageEngine ServiceDesk Plus=11.1-11136
Zohocorp ManageEngine ServiceDesk Plus=11.1-11137
Zohocorp ManageEngine ServiceDesk Plus=11.1-11138
Zohocorp ManageEngine ServiceDesk Plus=11.1-11139
Zohocorp ManageEngine ServiceDesk Plus=11.1-11140
Zohocorp ManageEngine ServiceDesk Plus=11.1-11141
Zohocorp ManageEngine ServiceDesk Plus=11.1-11142
Zohocorp ManageEngine ServiceDesk Plus=11.1-11143
Zohocorp ManageEngine ServiceDesk Plus=11.1-11144
Zohocorp ManageEngine ServiceDesk Plus=11.2
Zohocorp ManageEngine ServiceDesk Plus=11.2-11200
Zohocorp ManageEngine ServiceDesk Plus=11.2-11201
Zohocorp ManageEngine ServiceDesk Plus=11.2-11202
Zohocorp ManageEngine ServiceDesk Plus=11.2-11203
Zohocorp ManageEngine ServiceDesk Plus=11.2-11204
Zohocorp ManageEngine ServiceDesk Plus=11.2-11205
Zohocorp ManageEngine ServiceDesk Plus=11.2-11206
Zohocorp ManageEngine ServiceDesk Plus=11.2-11207
Zohocorp ManageEngine ServiceDesk Plus=11.3
Zohocorp ManageEngine ServiceDesk Plus=11.3-11300
Zohocorp ManageEngine ServiceDesk Plus=11.3-11301
ManageEngine ServiceDesk Plus=11.0-11005
ManageEngine ServiceDesk Plus=11.0-11006
ManageEngine ServiceDesk Plus=11.0-11007
ManageEngine ServiceDesk Plus=11.0-11008
ManageEngine ServiceDesk Plus=11.0-11009
ManageEngine ServiceDesk Plus=11.0-11010
ManageEngine ServiceDesk Plus=11.0-11011
ManageEngine ServiceDesk Plus=11.1
ManageEngine ServiceDesk Plus=11.1-11100
ManageEngine ServiceDesk Plus=11.1-11101
ManageEngine ServiceDesk Plus=11.1-11102
ManageEngine ServiceDesk Plus=11.1-11103
ManageEngine ServiceDesk Plus=11.1-11104
ManageEngine ServiceDesk Plus=11.1-11105
ManageEngine ServiceDesk Plus=11.1-11106
ManageEngine ServiceDesk Plus=11.1-11107
ManageEngine ServiceDesk Plus=11.1-11108
ManageEngine ServiceDesk Plus=11.1-11109
ManageEngine ServiceDesk Plus=11.1-11110
ManageEngine ServiceDesk Plus=11.1-11111
ManageEngine ServiceDesk Plus=11.1-11112
ManageEngine ServiceDesk Plus=11.1-11113
ManageEngine ServiceDesk Plus=11.1-11114
ManageEngine ServiceDesk Plus=11.1-11115
ManageEngine ServiceDesk Plus=11.1-11116
ManageEngine ServiceDesk Plus=11.1-11117
ManageEngine ServiceDesk Plus=11.1-11118
ManageEngine ServiceDesk Plus=11.1-11119
ManageEngine ServiceDesk Plus=11.1-11120
ManageEngine ServiceDesk Plus=11.1-11121
ManageEngine ServiceDesk Plus=11.1-11122
ManageEngine ServiceDesk Plus=11.1-11123
ManageEngine ServiceDesk Plus=11.1-11124
ManageEngine ServiceDesk Plus=11.1-11125
ManageEngine ServiceDesk Plus=11.1-11126
ManageEngine ServiceDesk Plus=11.1-11127
ManageEngine ServiceDesk Plus=11.1-11128
ManageEngine ServiceDesk Plus=11.1-11129
ManageEngine ServiceDesk Plus=11.1-11130
ManageEngine ServiceDesk Plus=11.1-11131
ManageEngine ServiceDesk Plus=11.1-11132
ManageEngine ServiceDesk Plus=11.1-11133
ManageEngine ServiceDesk Plus=11.1-11134
ManageEngine ServiceDesk Plus=11.1-11135
ManageEngine ServiceDesk Plus=11.1-11136
ManageEngine ServiceDesk Plus=11.1-11137
ManageEngine ServiceDesk Plus=11.1-11138
ManageEngine ServiceDesk Plus=11.1-11139
ManageEngine ServiceDesk Plus=11.1-11140
ManageEngine ServiceDesk Plus=11.1-11141
ManageEngine ServiceDesk Plus=11.1-11142
ManageEngine ServiceDesk Plus=11.1-11143
ManageEngine ServiceDesk Plus=11.1-11144
ManageEngine ServiceDesk Plus=11.2
ManageEngine ServiceDesk Plus=11.2-11200
ManageEngine ServiceDesk Plus=11.2-11201
ManageEngine ServiceDesk Plus=11.2-11202
ManageEngine ServiceDesk Plus=11.2-11203
ManageEngine ServiceDesk Plus=11.2-11204
ManageEngine ServiceDesk Plus=11.2-11205
ManageEngine ServiceDesk Plus=11.2-11206
ManageEngine ServiceDesk Plus=11.2-11207
ManageEngine ServiceDesk Plus=11.3
ManageEngine ServiceDesk Plus=11.3-11300
ManageEngine ServiceDesk Plus=11.3-11301

Frequently Asked Questions

  • What is the severity of CVE-2021-37415?

    The severity of CVE-2021-37415 is categorized as high due to the potential for authentication bypass.

  • How do I fix CVE-2021-37415?

    To fix CVE-2021-37415, upgrade Zoho ManageEngine ServiceDesk Plus to version 11302 or later.

  • What are the potential impacts of CVE-2021-37415?

    CVE-2021-37415 can lead to unauthorized access allowing attackers to execute REST API calls without proper authentication.

  • Which versions of Zoho ManageEngine ServiceDesk Plus are affected by CVE-2021-37415?

    CVE-2021-37415 affects all versions of Zoho ManageEngine ServiceDesk Plus before 11302.

  • Is CVE-2021-37415 actively exploited?

    As of the latest information available, there are reports of CVE-2021-37415 being actively exploited in the wild.
