CVE-2021-37415

Summary

CVE	CVE-2021-37415
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-09-01 06:15:00 UTC
Updated	2022-07-12 17:42:00 UTC
Description	Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.

Risk And Classification

EPSS: 0.919710000 probability, percentile 0.996930000 (date 2026-04-02)

CISA KEV: Listed on 2021-12-01; due 2021-12-15; ransomware use Unknown

Problem Types: CWE-306

CISA Known Exploited Vulnerability

Vendor	Zoho
Product	ManageEngine ServiceDesk Plus (SDP)
Name	Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
Required Action	Apply updates per vendor instructions.
Notes	https://nvd.nist.gov/vuln/detail/CVE-2021-37415

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Zohocorp	Manageengine Servicedesk Plus	All	All	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.0	11005	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.0	11006	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.0	11007	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.0	11008	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.0	11009	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.0	11010	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.0	11011	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	-	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11100	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11101	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11102	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11103	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11104	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11105	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11106	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11107	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11108	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11109	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11110	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11111	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11112	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11113	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11114	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11115	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11116	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11117	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11118	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11119	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11120	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11121	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11122	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11123	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11124	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11125	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11126	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11127	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11128	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11129	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11130	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11131	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11132	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11133	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11134	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11135	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11136	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11137	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11138	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11139	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11140	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11141	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11142	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11143	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.1	11144	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.2	-	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.2	11200	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.2	11201	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.2	11202	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.2	11203	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.2	11204	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.2	11205	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.2	11206	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.2	11207	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.3	-	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.3	11300	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	11.3	11301	All	All

References

Reference	Source	Link	Tags
ManageEngine - IT Operations and Service Management Software	MISC	www.manageengine.com
www.manageengine.com/products/service-desk/on-premises/readme.html	CONFIRM	www.manageengine.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

376146 Zoho ManageEngine ServiceDesk Plus Authentication Bypass (SD-96823)