CVE-2020-35682

HIGH

ManageEngine ServiceDesk Plus < 11134 - Authentication Bypass via SAML Login

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35682. PoCs published by its-arun.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2020-35682, an authentication bypass vulnerability in ManageEngine ServiceDesk Plus. The exploit leverages SAML login to escalate privileges from a low-privilege user to administrator and achieve remote code execution (RCE).

Description

Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).

Exploits (1)

nomisec WORKING POC 8 stars

by its-arun · poc

https://github.com/its-arun/CVE-2020-35682

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2020-35682, an authentication bypass vulnerability in ManageEngine ServiceDesk Plus. The exploit leverages SAML login to escalate privileges from a low-privilege user to administrator and achieve remote code execution (RCE).

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: ManageEngine ServiceDesk Plus <11134

Auth required

Prerequisites: SAML login enabled on target · Valid low-privilege user credentials

MITRE ATT&CK

T1550.001 - Application Access Token T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134

Scores

CVSS v3 8.8

EPSS 0.0722

EPSS Percentile 93.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-863

Status published

Products (2)

zohocorp/manageengine_servicedesk_plus 11.1 11100 (34 CPE variants)

zohocorp/manageengine_servicedesk_plus < 11.1

Published Mar 13, 2021

Tracked Since Feb 18, 2026