CVE-2021-37415

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ServiceDesk Plus versions prior to 11302

Description The issue is related to the implementation of the REST API interface in Zoho ManageEngine ServiceDesk Plus, specifically concerning weaknesses in the authentication procedure. This can be exploited by a remote attacker to bypass existing security restrictions, allowing access to certain REST-API URLs without proper authentication.

Recommendations For versions prior to 11302, update to version 11302 or later to resolve the authentication bypass issue. As a temporary workaround, consider restricting access to the REST API endpoints that do not require authentication until a patch is applied.