CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-37415

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score87.5150%
EPSS Percentile88.72th
Published2021年9月1日
Last Modified2025年10月31日

Vulnerability Description

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.

Affected Platforms (CPE)

📦
Zohocorp

Manageengine Servicedesk Plus

= 11.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.1
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.2
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.2
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.2
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.2
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.2
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.2
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.2
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.2
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.2
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.3
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.3
📦
Zohocorp

Manageengine Servicedesk Plus

= 11.3

References & Advisories

🔗 https://www.manageengine.com
🔗 https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302
🔗 https://www.manageengine.com
🔗 https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-37415

関連する脆弱性情報

CVE-2021-445269.8

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.

CVE-2021-315319.8

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).

CVE-2019-83959.8

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 1000...

CVE-2021-440779.8

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulner...