vulnerability
Zoho ManageEngine ServiceDesk Plus: CVE-2021-37415: Authentication bypass vulnerability in few rest API urls
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jul 21, 2021 | Mar 10, 2022 | Mar 27, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jul 21, 2021
Added
Mar 10, 2022
Modified
Mar 27, 2026
Description
URL comparison was failed at ServiceDesk Plus security filter this issue allows the attackers to invoke the API URLs without authentication.
Solution
zoho-manageengine-servicedesk-plus-upgrade-latest
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.