CVE-2021-37415 | Cybersecurity Alerts | Nexus IT Services, LLC

← Back to Cybersecurity Alerts

CVE-2021-37415

Zoho | ManageEngine ServiceDesk Plus (SDP)Added 2021-12-01Remediation Deadline 2021-12-15

Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-306

References

https://nvd.nist.gov/vuln/detail/CVE-2021-37415