CVE-2021-37415: Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
First published: Wed Sep 01 2021(Updated: )
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ManageEngine ServiceDesk Plus | ||
| Zohocorp ManageEngine ServiceDesk Plus | =11.0-11005 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.0-11006 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.0-11007 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.0-11008 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.0-11009 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.0-11010 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.0-11011 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11100 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11101 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11102 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11103 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11104 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11105 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11106 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11107 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11108 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11109 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11110 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11111 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11112 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11113 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11114 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11115 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11116 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11117 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11118 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11119 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11120 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11121 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11122 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11123 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11124 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11125 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11126 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11127 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11128 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11129 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11130 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11131 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11132 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11133 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11134 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11135 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11136 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11137 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11138 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11139 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11140 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11141 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11142 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11143 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.1-11144 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.2 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.2-11200 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.2-11201 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.2-11202 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.2-11203 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.2-11204 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.2-11205 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.2-11206 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.2-11207 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.3 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.3-11300 | |
| Zohocorp ManageEngine ServiceDesk Plus | =11.3-11301 | |
| ManageEngine ServiceDesk Plus | =11.0-11005 | |
| ManageEngine ServiceDesk Plus | =11.0-11006 | |
| ManageEngine ServiceDesk Plus | =11.0-11007 | |
| ManageEngine ServiceDesk Plus | =11.0-11008 | |
| ManageEngine ServiceDesk Plus | =11.0-11009 | |
| ManageEngine ServiceDesk Plus | =11.0-11010 | |
| ManageEngine ServiceDesk Plus | =11.0-11011 | |
| ManageEngine ServiceDesk Plus | =11.1 | |
| ManageEngine ServiceDesk Plus | =11.1-11100 | |
| ManageEngine ServiceDesk Plus | =11.1-11101 | |
| ManageEngine ServiceDesk Plus | =11.1-11102 | |
| ManageEngine ServiceDesk Plus | =11.1-11103 | |
| ManageEngine ServiceDesk Plus | =11.1-11104 | |
| ManageEngine ServiceDesk Plus | =11.1-11105 | |
| ManageEngine ServiceDesk Plus | =11.1-11106 | |
| ManageEngine ServiceDesk Plus | =11.1-11107 | |
| ManageEngine ServiceDesk Plus | =11.1-11108 | |
| ManageEngine ServiceDesk Plus | =11.1-11109 | |
| ManageEngine ServiceDesk Plus | =11.1-11110 | |
| ManageEngine ServiceDesk Plus | =11.1-11111 | |
| ManageEngine ServiceDesk Plus | =11.1-11112 | |
| ManageEngine ServiceDesk Plus | =11.1-11113 | |
| ManageEngine ServiceDesk Plus | =11.1-11114 | |
| ManageEngine ServiceDesk Plus | =11.1-11115 | |
| ManageEngine ServiceDesk Plus | =11.1-11116 | |
| ManageEngine ServiceDesk Plus | =11.1-11117 | |
| ManageEngine ServiceDesk Plus | =11.1-11118 | |
| ManageEngine ServiceDesk Plus | =11.1-11119 | |
| ManageEngine ServiceDesk Plus | =11.1-11120 | |
| ManageEngine ServiceDesk Plus | =11.1-11121 | |
| ManageEngine ServiceDesk Plus | =11.1-11122 | |
| ManageEngine ServiceDesk Plus | =11.1-11123 | |
| ManageEngine ServiceDesk Plus | =11.1-11124 | |
| ManageEngine ServiceDesk Plus | =11.1-11125 | |
| ManageEngine ServiceDesk Plus | =11.1-11126 | |
| ManageEngine ServiceDesk Plus | =11.1-11127 | |
| ManageEngine ServiceDesk Plus | =11.1-11128 | |
| ManageEngine ServiceDesk Plus | =11.1-11129 | |
| ManageEngine ServiceDesk Plus | =11.1-11130 | |
| ManageEngine ServiceDesk Plus | =11.1-11131 | |
| ManageEngine ServiceDesk Plus | =11.1-11132 | |
| ManageEngine ServiceDesk Plus | =11.1-11133 | |
| ManageEngine ServiceDesk Plus | =11.1-11134 | |
| ManageEngine ServiceDesk Plus | =11.1-11135 | |
| ManageEngine ServiceDesk Plus | =11.1-11136 | |
| ManageEngine ServiceDesk Plus | =11.1-11137 | |
| ManageEngine ServiceDesk Plus | =11.1-11138 | |
| ManageEngine ServiceDesk Plus | =11.1-11139 | |
| ManageEngine ServiceDesk Plus | =11.1-11140 | |
| ManageEngine ServiceDesk Plus | =11.1-11141 | |
| ManageEngine ServiceDesk Plus | =11.1-11142 | |
| ManageEngine ServiceDesk Plus | =11.1-11143 | |
| ManageEngine ServiceDesk Plus | =11.1-11144 | |
| ManageEngine ServiceDesk Plus | =11.2 | |
| ManageEngine ServiceDesk Plus | =11.2-11200 | |
| ManageEngine ServiceDesk Plus | =11.2-11201 | |
| ManageEngine ServiceDesk Plus | =11.2-11202 | |
| ManageEngine ServiceDesk Plus | =11.2-11203 | |
| ManageEngine ServiceDesk Plus | =11.2-11204 | |
| ManageEngine ServiceDesk Plus | =11.2-11205 | |
| ManageEngine ServiceDesk Plus | =11.2-11206 | |
| ManageEngine ServiceDesk Plus | =11.2-11207 | |
| ManageEngine ServiceDesk Plus | =11.3 | |
| ManageEngine ServiceDesk Plus | =11.3-11300 | |
| ManageEngine ServiceDesk Plus | =11.3-11301 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-37415?
The severity of CVE-2021-37415 is categorized as high due to the potential for authentication bypass.
How do I fix CVE-2021-37415?
To fix CVE-2021-37415, upgrade Zoho ManageEngine ServiceDesk Plus to version 11302 or later.
What are the potential impacts of CVE-2021-37415?
CVE-2021-37415 can lead to unauthorized access allowing attackers to execute REST API calls without proper authentication.
Which versions of Zoho ManageEngine ServiceDesk Plus are affected by CVE-2021-37415?
CVE-2021-37415 affects all versions of Zoho ManageEngine ServiceDesk Plus before 11302.
Is CVE-2021-37415 actively exploited?
As of the latest information available, there are reports of CVE-2021-37415 being actively exploited in the wild.
- agent/type
- agent/description
- agent/title
- agent/severity
- agent/weakness
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/references
- agent/event
- agent/source
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- vendor/zoho
- canonical/manageengine servicedesk plus
- vendor/zohocorp
- canonical/zohocorp manageengine servicedesk plus
- version/zohocorp manageengine servicedesk plus/11.0-11005
- version/zohocorp manageengine servicedesk plus/11.0-11006
- version/zohocorp manageengine servicedesk plus/11.0-11007
- version/zohocorp manageengine servicedesk plus/11.0-11008
- version/zohocorp manageengine servicedesk plus/11.0-11009
- version/zohocorp manageengine servicedesk plus/11.0-11010
- version/zohocorp manageengine servicedesk plus/11.0-11011
- version/zohocorp manageengine servicedesk plus/11.1
- version/zohocorp manageengine servicedesk plus/11.1-11100
- version/zohocorp manageengine servicedesk plus/11.1-11101
- version/zohocorp manageengine servicedesk plus/11.1-11102
- version/zohocorp manageengine servicedesk plus/11.1-11103
- version/zohocorp manageengine servicedesk plus/11.1-11104
- version/zohocorp manageengine servicedesk plus/11.1-11105
- version/zohocorp manageengine servicedesk plus/11.1-11106
- version/zohocorp manageengine servicedesk plus/11.1-11107
- version/zohocorp manageengine servicedesk plus/11.1-11108
- version/zohocorp manageengine servicedesk plus/11.1-11109
- version/zohocorp manageengine servicedesk plus/11.1-11110
- version/zohocorp manageengine servicedesk plus/11.1-11111
- version/zohocorp manageengine servicedesk plus/11.1-11112
- version/zohocorp manageengine servicedesk plus/11.1-11113
- version/zohocorp manageengine servicedesk plus/11.1-11114
- version/zohocorp manageengine servicedesk plus/11.1-11115
- version/zohocorp manageengine servicedesk plus/11.1-11116
- version/zohocorp manageengine servicedesk plus/11.1-11117
- version/zohocorp manageengine servicedesk plus/11.1-11118
- version/zohocorp manageengine servicedesk plus/11.1-11119
- version/zohocorp manageengine servicedesk plus/11.1-11120
- version/zohocorp manageengine servicedesk plus/11.1-11121
- version/zohocorp manageengine servicedesk plus/11.1-11122
- version/zohocorp manageengine servicedesk plus/11.1-11123
- version/zohocorp manageengine servicedesk plus/11.1-11124
- version/zohocorp manageengine servicedesk plus/11.1-11125
- version/zohocorp manageengine servicedesk plus/11.1-11126
- version/zohocorp manageengine servicedesk plus/11.1-11127
- version/zohocorp manageengine servicedesk plus/11.1-11128
- version/zohocorp manageengine servicedesk plus/11.1-11129
- version/zohocorp manageengine servicedesk plus/11.1-11130
- version/zohocorp manageengine servicedesk plus/11.1-11131
- version/zohocorp manageengine servicedesk plus/11.1-11132
- version/zohocorp manageengine servicedesk plus/11.1-11133
- version/zohocorp manageengine servicedesk plus/11.1-11134
- version/zohocorp manageengine servicedesk plus/11.1-11135
- version/zohocorp manageengine servicedesk plus/11.1-11136
- version/zohocorp manageengine servicedesk plus/11.1-11137
- version/zohocorp manageengine servicedesk plus/11.1-11138
- version/zohocorp manageengine servicedesk plus/11.1-11139
- version/zohocorp manageengine servicedesk plus/11.1-11140
- version/zohocorp manageengine servicedesk plus/11.1-11141
- version/zohocorp manageengine servicedesk plus/11.1-11142
- version/zohocorp manageengine servicedesk plus/11.1-11143
- version/zohocorp manageengine servicedesk plus/11.1-11144
- version/zohocorp manageengine servicedesk plus/11.2
- version/zohocorp manageengine servicedesk plus/11.2-11200
- version/zohocorp manageengine servicedesk plus/11.2-11201
- version/zohocorp manageengine servicedesk plus/11.2-11202
- version/zohocorp manageengine servicedesk plus/11.2-11203
- version/zohocorp manageengine servicedesk plus/11.2-11204
- version/zohocorp manageengine servicedesk plus/11.2-11205
- version/zohocorp manageengine servicedesk plus/11.2-11206
- version/zohocorp manageengine servicedesk plus/11.2-11207
- version/zohocorp manageengine servicedesk plus/11.3
- version/zohocorp manageengine servicedesk plus/11.3-11300
- version/zohocorp manageengine servicedesk plus/11.3-11301
- version/manageengine servicedesk plus/11.0-11005
- version/manageengine servicedesk plus/11.0-11006
- version/manageengine servicedesk plus/11.0-11007
- version/manageengine servicedesk plus/11.0-11008
- version/manageengine servicedesk plus/11.0-11009
- version/manageengine servicedesk plus/11.0-11010
- version/manageengine servicedesk plus/11.0-11011
- version/manageengine servicedesk plus/11.1
- version/manageengine servicedesk plus/11.1-11100
- version/manageengine servicedesk plus/11.1-11101
- version/manageengine servicedesk plus/11.1-11102
- version/manageengine servicedesk plus/11.1-11103
- version/manageengine servicedesk plus/11.1-11104
- version/manageengine servicedesk plus/11.1-11105
- version/manageengine servicedesk plus/11.1-11106
- version/manageengine servicedesk plus/11.1-11107
- version/manageengine servicedesk plus/11.1-11108
- version/manageengine servicedesk plus/11.1-11109
- version/manageengine servicedesk plus/11.1-11110
- version/manageengine servicedesk plus/11.1-11111
- version/manageengine servicedesk plus/11.1-11112
- version/manageengine servicedesk plus/11.1-11113
- version/manageengine servicedesk plus/11.1-11114
- version/manageengine servicedesk plus/11.1-11115
- version/manageengine servicedesk plus/11.1-11116
- version/manageengine servicedesk plus/11.1-11117
- version/manageengine servicedesk plus/11.1-11118
- version/manageengine servicedesk plus/11.1-11119
- version/manageengine servicedesk plus/11.1-11120
- version/manageengine servicedesk plus/11.1-11121
- version/manageengine servicedesk plus/11.1-11122
- version/manageengine servicedesk plus/11.1-11123
- version/manageengine servicedesk plus/11.1-11124
- version/manageengine servicedesk plus/11.1-11125
- version/manageengine servicedesk plus/11.1-11126
- version/manageengine servicedesk plus/11.1-11127
- version/manageengine servicedesk plus/11.1-11128
- version/manageengine servicedesk plus/11.1-11129
- version/manageengine servicedesk plus/11.1-11130
- version/manageengine servicedesk plus/11.1-11131
- version/manageengine servicedesk plus/11.1-11132
- version/manageengine servicedesk plus/11.1-11133
- version/manageengine servicedesk plus/11.1-11134
- version/manageengine servicedesk plus/11.1-11135
- version/manageengine servicedesk plus/11.1-11136
- version/manageengine servicedesk plus/11.1-11137
- version/manageengine servicedesk plus/11.1-11138
- version/manageengine servicedesk plus/11.1-11139
- version/manageengine servicedesk plus/11.1-11140
- version/manageengine servicedesk plus/11.1-11141
- version/manageengine servicedesk plus/11.1-11142
- version/manageengine servicedesk plus/11.1-11143
- version/manageengine servicedesk plus/11.1-11144
- version/manageengine servicedesk plus/11.2
- version/manageengine servicedesk plus/11.2-11200
- version/manageengine servicedesk plus/11.2-11201
- version/manageengine servicedesk plus/11.2-11202
- version/manageengine servicedesk plus/11.2-11203
- version/manageengine servicedesk plus/11.2-11204
- version/manageengine servicedesk plus/11.2-11205
- version/manageengine servicedesk plus/11.2-11206
- version/manageengine servicedesk plus/11.2-11207
- version/manageengine servicedesk plus/11.3
- version/manageengine servicedesk plus/11.3-11300
- version/manageengine servicedesk plus/11.3-11301