ZOHO ManageEngine ServiceDesk Plus (SDP) is a set of ITIL-based IT service management software from ZOHO. The software integrates incident management, issue management, asset management IT project management, procurement and contract management, etc. An authorization issue vulnerability exists in Zoho ManageEngine ServiceDesk Plus, which stems from the lack of authentication restrictions in some APIs in the product, and can be exploited by attackers to access sensitive links without authentication.