1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability

Known Exploited Vulnerabilities CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-37415 Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability allows a few REST-API URLs without authentication.
References
  1. https://digital.nhs.uk/cyber-alerts/2021/cc-3985