Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HZohocorp Manageengine Servicedesk Plus
APPZohocorp11.011.111.211.3
CISA KEV — detailsi
- Vendori
- Zoho ↗
- Producti
- ManageEngine ServiceDesk Plus (SDP)
- Added to KEVi
- December 1, 2021
- Remediation deadline (US Federal)i
- December 15, 2021(overdue)
Apply updates per vendor instructions.
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication
Related vulnerabilities
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code exec...
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus bef...
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) be...
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office depl...