Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2020-35682
HistoryMar 13, 2021 - 7:15 p.m.

CVE-2020-35682

2021-03-1319:15:11
CWE-863
mitre
web.nvd.nist.gov
82
9
zoho
manageengine
servicedesk plus
authentication bypass
cve-2020-35682
nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

44.7%

JSON

Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).

Affected configurations

Nvd
Node
zohocorpmanageengine_servicedesk_plusRange<11.1
OR
zohocorpmanageengine_servicedesk_plusMatch11.111100
OR
zohocorpmanageengine_servicedesk_plusMatch11.111101
OR
zohocorpmanageengine_servicedesk_plusMatch11.111102
OR
zohocorpmanageengine_servicedesk_plusMatch11.111103
OR
zohocorpmanageengine_servicedesk_plusMatch11.111104
OR
zohocorpmanageengine_servicedesk_plusMatch11.111105
OR
zohocorpmanageengine_servicedesk_plusMatch11.111106
OR
zohocorpmanageengine_servicedesk_plusMatch11.111107
OR
zohocorpmanageengine_servicedesk_plusMatch11.111108
OR
zohocorpmanageengine_servicedesk_plusMatch11.111109
OR
zohocorpmanageengine_servicedesk_plusMatch11.111110
OR
zohocorpmanageengine_servicedesk_plusMatch11.111111
OR
zohocorpmanageengine_servicedesk_plusMatch11.111112
OR
zohocorpmanageengine_servicedesk_plusMatch11.111113
OR
zohocorpmanageengine_servicedesk_plusMatch11.111114
OR
zohocorpmanageengine_servicedesk_plusMatch11.111115
OR
zohocorpmanageengine_servicedesk_plusMatch11.111116
OR
zohocorpmanageengine_servicedesk_plusMatch11.111117
OR
zohocorpmanageengine_servicedesk_plusMatch11.111118
OR
zohocorpmanageengine_servicedesk_plusMatch11.111119
OR
zohocorpmanageengine_servicedesk_plusMatch11.111120
OR
zohocorpmanageengine_servicedesk_plusMatch11.111121
OR
zohocorpmanageengine_servicedesk_plusMatch11.111122
OR
zohocorpmanageengine_servicedesk_plusMatch11.111123
OR
zohocorpmanageengine_servicedesk_plusMatch11.111124
OR
zohocorpmanageengine_servicedesk_plusMatch11.111125
OR
zohocorpmanageengine_servicedesk_plusMatch11.111126
OR
zohocorpmanageengine_servicedesk_plusMatch11.111127
OR
zohocorpmanageengine_servicedesk_plusMatch11.111128
OR
zohocorpmanageengine_servicedesk_plusMatch11.111129
OR
zohocorpmanageengine_servicedesk_plusMatch11.111130
OR
zohocorpmanageengine_servicedesk_plusMatch11.111131
OR
zohocorpmanageengine_servicedesk_plusMatch11.111132
OR
zohocorpmanageengine_servicedesk_plusMatch11.111133
VendorProductVersionCPE
zohocorpmanageengine_servicedesk_plus*cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus11.1cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus11.1cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus11.1cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus11.1cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus11.1cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus11.1cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus11.1cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus11.1cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus11.1cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*
Rows per page:
1-10 of 351

Social References

More

Related

prion 1
cvelist 1
githubexploit 1
nvd 1
prion
prion
Authentication flaw
2021-03-13 19:15:00
cvelist
cvelist
CVE-2020-35682
2021-03-13 18:18:15
githubexploit
githubexploit
Exploit for Incorrect Authorization in Zohocorp Manageengine Servicedesk Plus
2021-03-04 12:43:01
nvd
nvd
CVE-2020-35682
2021-03-13 19:15:11

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

44.7%

JSON
Related for CVE-2020-35682
prion1cvelist1githubexploit1nvd1