CVE-2021-37415

Warning

EPSS 89.33%
Published 01.09.2021 06:15:06
Last modified 03.04.2025 19:48:08
Source cve@mitre.org
Teams watchlist Login
Open Login

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.

Affected products Warnungen 1 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Servicedesk Plus Version11.0 Update11005

Zohocorp ≫ Manageengine Servicedesk Plus Version11.0 Update11006

Zohocorp ≫ Manageengine Servicedesk Plus Version11.0 Update11007

Zohocorp ≫ Manageengine Servicedesk Plus Version11.0 Update11008

Zohocorp ≫ Manageengine Servicedesk Plus Version11.0 Update11009

Zohocorp ≫ Manageengine Servicedesk Plus Version11.0 Update11010

Zohocorp ≫ Manageengine Servicedesk Plus Version11.0 Update11011

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update-

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11100

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11101

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11102

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11103

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11104

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11105

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11106

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11107

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11108

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11109

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11110

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11111

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11112

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11113

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11114

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11115

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11116

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11117

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11118

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11119

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11120

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11121

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11122

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11123

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11124

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11125

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11126

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11127

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11128

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11129

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11130

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11131

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11132

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11133

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11134

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11135

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11136

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11137

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11138

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11139

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11140

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11141

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11142

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11143

Zohocorp ≫ Manageengine Servicedesk Plus Version11.1 Update11144

Zohocorp ≫ Manageengine Servicedesk Plus Version11.2 Update-

Zohocorp ≫ Manageengine Servicedesk Plus Version11.2 Update11200

Zohocorp ≫ Manageengine Servicedesk Plus Version11.2 Update11201

Zohocorp ≫ Manageengine Servicedesk Plus Version11.2 Update11202

Zohocorp ≫ Manageengine Servicedesk Plus Version11.2 Update11203

Zohocorp ≫ Manageengine Servicedesk Plus Version11.2 Update11204

Zohocorp ≫ Manageengine Servicedesk Plus Version11.2 Update11205

Zohocorp ≫ Manageengine Servicedesk Plus Version11.2 Update11206

Zohocorp ≫ Manageengine Servicedesk Plus Version11.2 Update11207

Zohocorp ≫ Manageengine Servicedesk Plus Version11.3 Update-

Zohocorp ≫ Manageengine Servicedesk Plus Version11.3 Update11300

Zohocorp ≫ Manageengine Servicedesk Plus Version11.3 Update11301

01.12.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability

Vulnerability

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	89.33%	0.995

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.manageengine.com

Product

https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-37415

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37415

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37415

EUVD