nvd NVD:CVE-2021-37415
Sep 01, 2021 - 6:15 a.m.

CVE-2021-37415

2021-09-01 06:15:06
CWE-306
web.nvd.nist.gov
zoho manageengine
servicedesk plus
authentication bypass
rest-api
vulnerability

CVSS2

7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.931

Percentile: 99.1%

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication.

Affected configurations

Nvd
Node (entries joined by OR)
Vendor: zohocorp
Product: manageengine_servicedesk_plus
Match, by version and build:

11.0: 11005, 11006, 11007, 11008, 11009, 11010, 11011
11.1: -, 11100, 11101, 11102, 11103, 11104, 11105, 11106, 11107, 11108, 11109, 11110, 11111, 11112, 11113, 11114, 11115, 11116, 11117, 11118, 11119, 11120, 11121, 11122, 11123, 11124, 11125, 11126, 11127, 11128, 11129, 11130, 11131, 11132, 11133, 11134, 11135, 11136, 11137, 11138, 11139, 11140, 11141, 11142, 11143, 11144
11.2: -, 11200, 11201, 11202, 11203, 11204, 11205, 11206, 11207
11.3: -, 11300, 11301

Vendor    Product                        Version  CPE
zohocorp  manageengine_servicedesk_plus  11.0     cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11005:*:*:*:*:*:*
zohocorp  manageengine_servicedesk_plus  11.0     cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006:*:*:*:*:*:*
zohocorp  manageengine_servicedesk_plus  11.0     cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007:*:*:*:*:*:*
zohocorp  manageengine_servicedesk_plus  11.0     cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008:*:*:*:*:*:*
zohocorp  manageengine_servicedesk_plus  11.0     cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009:*:*:*:*:*:*
zohocorp  manageengine_servicedesk_plus  11.0     cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11010:*:*:*:*:*:*
zohocorp  manageengine_servicedesk_plus  11.0     cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11011:*:*:*:*:*:*
zohocorp  manageengine_servicedesk_plus  11.1     cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*
zohocorp  manageengine_servicedesk_plus  11.1     cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*
zohocorp  manageengine_servicedesk_plus  11.1     cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*