← ExploitWatch
HomeExploited Vulnerabilities

CVE-2021-37415 — Actively Exploited: ManageEngine ServiceDesk Plus (SDP) (Zoho)

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication

CVE IDCVE-2021-37415
VendorZoho
ProductManageEngine ServiceDesk Plus (SDP)
Vulnerability nameZoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
Date added2021-12-01
Remediation due2021-12-15
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionZoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →