virus logo Client Application Firewall

ManageEngine.ServiceDesk.CVE-2021-37415.Authentication.Bypass

description-logoDescription

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Zoho Corporation ServiceDesk Plus.
The vulnerability is due to an error in normalizing REST API URLs before applying security filtering. A remote attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could allow the attacker to bypass authentication.

affected-products-logoAffected Products

Zoho Corporation ServiceDesk Plus prior to 11302

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302

Version Updates

Date Version Status Detail
2024-12-04 29.915
Modified
 Sig Added
2023-08-07 25.615
Modified
 Name:Zoho.
ME.
ServiceDesk.
Plus.
CVE-2021-37415.
Authentication.
Bypass:ManageEngine.
ServiceDesk.
CVE-2021-37415.
Authentication.
Bypass
ID 51004
Created Dec 10, 2021
Updated Dec 04, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 91.97%
Default Action drop
Affected OS Windows, Linux
Affected App Other
Profile Type Permission/Privilege/Access Control