CVE-2021-37415 - Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
Project:Zoho
Product:ManageEngine ServiceDesk Plus (SDP)
Date Added:2021-12-01Due Date:2021-12-15
Vulnerability Name
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
Description
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-37415