Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-37415

KEV EPSS 92.81% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-37415

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ZOHO ManageEngine ServiceDesk Plus 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ZOHO ManageEngine ServiceDesk Plus(SDP)是美国卓豪(ZOHO)公司的一套基于ITIL架构的IT服务管理软件。该软件集成了事件管理、问题管理、资产管理IT项目管理、采购与合同管理等功能模块。 Zoho ManageEngine ServiceDesk Plus 存在访问控制错误漏洞,该漏洞源于产品中的一些API缺少验证限制。攻击者可通过该漏洞在没有鉴权的情况下访问敏感链接。以下产品及版本受到影响:Zoho ManageEngine ServiceDesk Plus 11
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2021-37415

#POC DescriptionSource LinkShenlong Link
1Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-37415.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-37415

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-09-01 · 37 CVEs total

CVE-2021-234278.6 HIGHArbitrary File Write via Archive Extraction (Zip Slip)
CVE-2021-234288.6 HIGHDirectory Traversal
CVE-2021-234265.6 MEDIUMPrototype Pollution
CVE-2021-234365.6 MEDIUMPrototype Pollution
CVE-2021-234385.6 MEDIUMPrototype Pollution
CVE-2021-39373Samsung H3安全漏洞
CVE-2021-40350Christie Digital DWU850-GS 授权问题漏洞
CVE-2021-35508TeraRecon AQNetClient安全漏洞
CVE-2021-39379Open Solutions For Education openSIS SQL注入漏洞
CVE-2021-39377Open Solutions For Education openSIS SQL注入漏洞
CVE-2021-40382Compro Camera 安全漏洞
CVE-2021-39378Open Solutions For Education openSIS SQL注入漏洞
CVE-2021-40352OpenEMR 日志信息泄露漏洞
CVE-2021-38703KPN Experia WiFi 安全漏洞
CVE-2020-9002iPortalis 输入验证错误漏洞
CVE-2020-9000iPortalis 资源管理错误漏洞
CVE-2021-33582Cyrus IMAP 加密问题漏洞
CVE-2021-36235Ivanti Workspace Control 授权问题漏洞
CVE-2021-40353Open Solutions For Education openSIS SQL注入漏洞
CVE-2020-20341Yzmcms 代码问题漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2021-37415

No comments yet

Leave a comment