vulnerability
Zoho ManageEngine ServiceDesk Plus: CVE-2021-37415: Authentication bypass vulnerability in few rest API urls
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jul 21, 2021 | Mar 10, 2022 | Jul 3, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jul 21, 2021
Added
Mar 10, 2022
Modified
Jul 3, 2025
Description
URL comparison was failed at ServiceDesk Plus security filter this issue allows the attackers to invoke the API URLs without authentication.
Solution
zoho-manageengine-servicedesk-plus-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.