Exploited
critical
9.8
CWE
306
Advisory Published
Updated

CVE-2021-37415: Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability

First published: Wed Sep 01 2021(Updated: )

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Zohocorp Manageengine Servicedesk Plus=11.0-11005
Zohocorp Manageengine Servicedesk Plus=11.0-11006
Zohocorp Manageengine Servicedesk Plus=11.0-11007
Zohocorp Manageengine Servicedesk Plus=11.0-11008
Zohocorp Manageengine Servicedesk Plus=11.0-11009
Zohocorp Manageengine Servicedesk Plus=11.0-11010
Zohocorp Manageengine Servicedesk Plus=11.0-11011
Zohocorp Manageengine Servicedesk Plus=11.1
Zohocorp Manageengine Servicedesk Plus=11.1-11100
Zohocorp Manageengine Servicedesk Plus=11.1-11101
Zohocorp Manageengine Servicedesk Plus=11.1-11102
Zohocorp Manageengine Servicedesk Plus=11.1-11103
Zohocorp Manageengine Servicedesk Plus=11.1-11104
Zohocorp Manageengine Servicedesk Plus=11.1-11105
Zohocorp Manageengine Servicedesk Plus=11.1-11106
Zohocorp Manageengine Servicedesk Plus=11.1-11107
Zohocorp Manageengine Servicedesk Plus=11.1-11108
Zohocorp Manageengine Servicedesk Plus=11.1-11109
Zohocorp Manageengine Servicedesk Plus=11.1-11110
Zohocorp Manageengine Servicedesk Plus=11.1-11111
Zohocorp Manageengine Servicedesk Plus=11.1-11112
Zohocorp Manageengine Servicedesk Plus=11.1-11113
Zohocorp Manageengine Servicedesk Plus=11.1-11114
Zohocorp Manageengine Servicedesk Plus=11.1-11115
Zohocorp Manageengine Servicedesk Plus=11.1-11116
Zohocorp Manageengine Servicedesk Plus=11.1-11117
Zohocorp Manageengine Servicedesk Plus=11.1-11118
Zohocorp Manageengine Servicedesk Plus=11.1-11119
Zohocorp Manageengine Servicedesk Plus=11.1-11120
Zohocorp Manageengine Servicedesk Plus=11.1-11121
Zohocorp Manageengine Servicedesk Plus=11.1-11122
Zohocorp Manageengine Servicedesk Plus=11.1-11123
Zohocorp Manageengine Servicedesk Plus=11.1-11124
Zohocorp Manageengine Servicedesk Plus=11.1-11125
Zohocorp Manageengine Servicedesk Plus=11.1-11126
Zohocorp Manageengine Servicedesk Plus=11.1-11127
Zohocorp Manageengine Servicedesk Plus=11.1-11128
Zohocorp Manageengine Servicedesk Plus=11.1-11129
Zohocorp Manageengine Servicedesk Plus=11.1-11130
Zohocorp Manageengine Servicedesk Plus=11.1-11131
Zohocorp Manageengine Servicedesk Plus=11.1-11132
Zohocorp Manageengine Servicedesk Plus=11.1-11133
Zohocorp Manageengine Servicedesk Plus=11.1-11134
Zohocorp Manageengine Servicedesk Plus=11.1-11135
Zohocorp Manageengine Servicedesk Plus=11.1-11136
Zohocorp Manageengine Servicedesk Plus=11.1-11137
Zohocorp Manageengine Servicedesk Plus=11.1-11138
Zohocorp Manageengine Servicedesk Plus=11.1-11139
Zohocorp Manageengine Servicedesk Plus=11.1-11140
Zohocorp Manageengine Servicedesk Plus=11.1-11141
Zohocorp Manageengine Servicedesk Plus=11.1-11142
Zohocorp Manageengine Servicedesk Plus=11.1-11143
Zohocorp Manageengine Servicedesk Plus=11.1-11144
Zohocorp Manageengine Servicedesk Plus=11.2
Zohocorp Manageengine Servicedesk Plus=11.2-11200
Zohocorp Manageengine Servicedesk Plus=11.2-11201
Zohocorp Manageengine Servicedesk Plus=11.2-11202
Zohocorp Manageengine Servicedesk Plus=11.2-11203
Zohocorp Manageengine Servicedesk Plus=11.2-11204
Zohocorp Manageengine Servicedesk Plus=11.2-11205
Zohocorp Manageengine Servicedesk Plus=11.2-11206
Zohocorp Manageengine Servicedesk Plus=11.2-11207
Zohocorp Manageengine Servicedesk Plus=11.3
Zohocorp Manageengine Servicedesk Plus=11.3-11300
Zohocorp Manageengine Servicedesk Plus=11.3-11301

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203