CVE-2021-37415
Tags: CRITICAL, KEV, NUCLEI
Zoho ManageEngine ServiceDesk Plus < 11302 - Unauthenticated Authentication Bypass via REST-API URLs
Title source: llm
Exploitation Summary
CVE-2021-37415 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 1, 2021. A Nuclei detection template is also available.
Description
Zoho ManageEngine ServiceDesk Plus before build 11302 is vulnerable to an authentication bypass that allows a few REST-API URLs to be reached without authentication.
Nuclei Templates (1)
Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
CRITICAL, VERIFIED, by daffainfo, jjcho
Shodan:
http.title:"manageengine servicedesk plus"
FOFA:
title="manageengine servicedesk plus"
References (3)
Core References
Product (x_refsource_misc): https://www.manageengine.com
Release Notes (x_refsource_confirm): https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302
US Government Resource (CISA KEV catalog): https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-37415
Scores
CVSS v3.1 Base Score
9.8 (Critical)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
EPSS Score
0.9276 (estimated probability of exploitation activity in the next 30 days)
EPSS Percentile
99.8%
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2021-12-01
VulnCheck KEV
2021-12-01
InTheWild.io
2021-12-01
ENISA EUVD
EUVD-2021-23980
CWE
CWE-306 (Missing Authentication for Critical Function)
Status
published
Products (2)
zohocorp/manageengine_servicedesk_plus 11.0, build 11005 (7 CPE variants)
zohocorp/manageengine_servicedesk_plus 11.1 (43 CPE variants)
Published
Sep 01, 2021
KEV Added
Dec 01, 2021
Tracked Since
Feb 18, 2026