Exploited
CWE-306

CVE-2021-37415: Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability

First published: Wed Sep 01 2021

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication.

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix
Zoho ManageEngine ServiceDesk Plus
Zoho ManageEngine ServiceDesk Plus=11.0-11005
Zoho ManageEngine ServiceDesk Plus=11.0-11006
Zoho ManageEngine ServiceDesk Plus=11.0-11007
Zoho ManageEngine ServiceDesk Plus=11.0-11008
Zoho ManageEngine ServiceDesk Plus=11.0-11009
Zoho ManageEngine ServiceDesk Plus=11.0-11010
Zoho ManageEngine ServiceDesk Plus=11.0-11011
Zoho ManageEngine ServiceDesk Plus=11.1
Zoho ManageEngine ServiceDesk Plus=11.1-11100
Zoho ManageEngine ServiceDesk Plus=11.1-11101
Zoho ManageEngine ServiceDesk Plus=11.1-11102
Zoho ManageEngine ServiceDesk Plus=11.1-11103
Zoho ManageEngine ServiceDesk Plus=11.1-11104
Zoho ManageEngine ServiceDesk Plus=11.1-11105
Zoho ManageEngine ServiceDesk Plus=11.1-11106
Zoho ManageEngine ServiceDesk Plus=11.1-11107
Zoho ManageEngine ServiceDesk Plus=11.1-11108
Zoho ManageEngine ServiceDesk Plus=11.1-11109
Zoho ManageEngine ServiceDesk Plus=11.1-11110
Zoho ManageEngine ServiceDesk Plus=11.1-11111
Zoho ManageEngine ServiceDesk Plus=11.1-11112
Zoho ManageEngine ServiceDesk Plus=11.1-11113
Zoho ManageEngine ServiceDesk Plus=11.1-11114
Zoho ManageEngine ServiceDesk Plus=11.1-11115
Zoho ManageEngine ServiceDesk Plus=11.1-11116
Zoho ManageEngine ServiceDesk Plus=11.1-11117
Zoho ManageEngine ServiceDesk Plus=11.1-11118
Zoho ManageEngine ServiceDesk Plus=11.1-11119
Zoho ManageEngine ServiceDesk Plus=11.1-11120
Zoho ManageEngine ServiceDesk Plus=11.1-11121
Zoho ManageEngine ServiceDesk Plus=11.1-11122
Zoho ManageEngine ServiceDesk Plus=11.1-11123
Zoho ManageEngine ServiceDesk Plus=11.1-11124
Zoho ManageEngine ServiceDesk Plus=11.1-11125
Zoho ManageEngine ServiceDesk Plus=11.1-11126
Zoho ManageEngine ServiceDesk Plus=11.1-11127
Zoho ManageEngine ServiceDesk Plus=11.1-11128
Zoho ManageEngine ServiceDesk Plus=11.1-11129
Zoho ManageEngine ServiceDesk Plus=11.1-11130
Zoho ManageEngine ServiceDesk Plus=11.1-11131
Zoho ManageEngine ServiceDesk Plus=11.1-11132
Zoho ManageEngine ServiceDesk Plus=11.1-11133
Zoho ManageEngine ServiceDesk Plus=11.1-11134
Zoho ManageEngine ServiceDesk Plus=11.1-11135
Zoho ManageEngine ServiceDesk Plus=11.1-11136
Zoho ManageEngine ServiceDesk Plus=11.1-11137
Zoho ManageEngine ServiceDesk Plus=11.1-11138
Zoho ManageEngine ServiceDesk Plus=11.1-11139
Zoho ManageEngine ServiceDesk Plus=11.1-11140
Zoho ManageEngine ServiceDesk Plus=11.1-11141
Zoho ManageEngine ServiceDesk Plus=11.1-11142
Zoho ManageEngine ServiceDesk Plus=11.1-11143
Zoho ManageEngine ServiceDesk Plus=11.1-11144
Zoho ManageEngine ServiceDesk Plus=11.2
Zoho ManageEngine ServiceDesk Plus=11.2-11200
Zoho ManageEngine ServiceDesk Plus=11.2-11201
Zoho ManageEngine ServiceDesk Plus=11.2-11202
Zoho ManageEngine ServiceDesk Plus=11.2-11203
Zoho ManageEngine ServiceDesk Plus=11.2-11204
Zoho ManageEngine ServiceDesk Plus=11.2-11205
Zoho ManageEngine ServiceDesk Plus=11.2-11206
Zoho ManageEngine ServiceDesk Plus=11.2-11207
Zoho ManageEngine ServiceDesk Plus=11.3
Zoho ManageEngine ServiceDesk Plus=11.3-11300
Zoho ManageEngine ServiceDesk Plus=11.3-11301

Frequently Asked Questions

  • What is the severity of CVE-2021-37415?

    The severity of CVE-2021-37415 is categorized as high due to the potential for authentication bypass.

  • How do I fix CVE-2021-37415?

    To fix CVE-2021-37415, upgrade Zoho ManageEngine ServiceDesk Plus to version 11302 or later.

  • What are the potential impacts of CVE-2021-37415?

    CVE-2021-37415 can lead to unauthorized access allowing attackers to execute REST API calls without proper authentication.

  • Which versions of Zoho ManageEngine ServiceDesk Plus are affected by CVE-2021-37415?

    CVE-2021-37415 affects all versions of Zoho ManageEngine ServiceDesk Plus before 11302.

  • Is CVE-2021-37415 actively exploited?

    As of the latest information available, there are reports of CVE-2021-37415 being actively exploited in the wild.
