|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-12-21 | |
| Rule Name: | Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. | |
| Impact: | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. | |
| Affected OS: | Windows, Others | |
| Reference: | https://www.manageengine.com https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302 |