CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.manageengine.com	Product
https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11005::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11010::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11011::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11115::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11116::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11117::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11118::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11119::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11120::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11121::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11122::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11123::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11124::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11125::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11126::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11127::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11128::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11129::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11130::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11131::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11132::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11133::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11134::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11135::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11136::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11137::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:-::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:-::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300::::::
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301::::::

History

14 Feb 2024, 20:40

Type	Values Removed	Values Added
References	~~(CONFIRM) https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302 - Vendor Advisory~~	(CONFIRM) https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302 - Release Notes
References	~~(MISC) https://www.manageengine.com - Vendor Advisory~~	(MISC) https://www.manageengine.com - Product

Information

Published : 2021-09-01 06:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-37415

Mitre link : CVE-2021-37415

CVE.ORG link : CVE-2021-37415

JSON object : View

Products Affected

zohocorp

manageengine_servicedesk_plus

CWE

CWE-306

Missing Authentication for Critical Function

9.8 /10