Lucene search
China National Vulnerability DatabaseCNVD-2022-09268HistorySep 03, 2021 - 12:00 a.m.
ZOHO ManageEngine ServiceDesk Plus Licensing Issue Vulnerability
2021-09-0300:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
zoho manageengine servicedesk plus
itil-based service management
authorization issue vulnerability
apis
authentication restrictions
sensitive links access
zoho
incident management
asset management
it project management
procurement and contract management
cnvd
EPSS
0.931
Percentile
99.1%
ZOHO ManageEngine ServiceDesk Plus (SDP) is a set of ITIL-based IT service management software from ZOHO. The software integrates incident management, issue management, asset management IT project management, procurement and contract management, etc. An authorization issue vulnerability exists in Zoho ManageEngine ServiceDesk Plus, which stems from the lack of authentication restrictions in some APIs in the product, and can be exploited by attackers to access sensitive links without authentication.
Related
nessus
nessus
ManageEngine ServiceDesk Plus Multiple Versions Authentication Bypass
2022-02-04 00:00:00
cvelist
cvelist
CVE-2021-37415
2021-09-01 05:29:11
nvd
nvd
CVE-2021-37415
2021-09-01 06:15:06
cve
cve
CVE-2021-37415
2021-09-01 06:15:06
checkpoint_advisories
checkpoint_advisories
Zoho ManageEngine ServiceDesk Authentication Bypass (CVE-2021-37415)
2022-02-16 00:00:00
prion
prion
Authentication flaw
2021-09-01 06:15:00
cisa_kev
cisa_kev
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
2021-12-01 00:00:00
attackerkb
attackerkb
CVE-2021-37415
2021-09-01 00:00:00
cisa
cisa
CISA Adds Five Known Exploited Vulnerabilities to Catalog
2021-12-01 00:00:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00