CVE-2020-35682

EPSS 0.28%
Published 13.03.2021 19:15:11
Last modified 21.11.2024 05:27:50
Source cve@mitre.org
Teams watchlist Login
Open Login

Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Servicedesk Plus Version < 11.1

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11100

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11101

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11102

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11103

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11104

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11105

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11106

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11107

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11108

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11109

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11110

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11111

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11112

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11113

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11114

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11115

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11116

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11117

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11118

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11119

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11120

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11121

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11122

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11123

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11124

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11125

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11126

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11127

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11128

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11129

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11130

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11131

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11132

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11133

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.28%	0.485

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-35682

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-35682

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-35682

EUVD