CVE-2021-37415
CRITICAL KEV NUCLEIZohocorp Manageengine Servicedesk Plus - Missing Authentication
Title source: ruleDescription
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
Nuclei Templates (1)
Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
CRITICALVERIFIEDby daffainfo,jjcho
Shodan:
http.title:"manageengine servicedesk plus"
FOFA:
title="manageengine servicedesk plus"
Scores
CVSS v3
9.8
EPSS
0.9192
EPSS Percentile
99.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2021-12-01
VulnCheck KEV
2021-12-01
InTheWild.io
2021-12-01
ENISA EUVD
EUVD-2021-23980
CWE
CWE-306
Status
published
Products (2)
zohocorp/manageengine_servicedesk_plus
11.0 11005 (7 CPE variants)
zohocorp/manageengine_servicedesk_plus
11.1 (43 CPE variants)
Published
Sep 01, 2021
KEV Added
Dec 01, 2021
Tracked Since
Feb 18, 2026