Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows a few REST-API URLs to be accessed without authentication.
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Manageengine_servicedesk_plus | Zohocorp | 11.0-11005 (including) | 11.0-11005 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.0-11006 (including) | 11.0-11006 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.0-11007 (including) | 11.0-11007 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.0-11008 (including) | 11.0-11008 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.0-11009 (including) | 11.0-11009 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.0-11010 (including) | 11.0-11010 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.0-11011 (including) | 11.0-11011 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1 (including) | 11.1 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11100 (including) | 11.1-11100 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11101 (including) | 11.1-11101 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11102 (including) | 11.1-11102 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11103 (including) | 11.1-11103 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11104 (including) | 11.1-11104 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11105 (including) | 11.1-11105 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11106 (including) | 11.1-11106 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11107 (including) | 11.1-11107 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11108 (including) | 11.1-11108 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11109 (including) | 11.1-11109 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11110 (including) | 11.1-11110 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11111 (including) | 11.1-11111 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11112 (including) | 11.1-11112 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11113 (including) | 11.1-11113 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11114 (including) | 11.1-11114 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11115 (including) | 11.1-11115 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11116 (including) | 11.1-11116 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11117 (including) | 11.1-11117 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11118 (including) | 11.1-11118 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11119 (including) | 11.1-11119 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11120 (including) | 11.1-11120 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11121 (including) | 11.1-11121 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11122 (including) | 11.1-11122 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11123 (including) | 11.1-11123 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11124 (including) | 11.1-11124 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11125 (including) | 11.1-11125 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11126 (including) | 11.1-11126 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11127 (including) | 11.1-11127 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11128 (including) | 11.1-11128 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11129 (including) | 11.1-11129 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11130 (including) | 11.1-11130 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11131 (including) | 11.1-11131 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11132 (including) | 11.1-11132 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11133 (including) | 11.1-11133 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11134 (including) | 11.1-11134 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11135 (including) | 11.1-11135 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11136 (including) | 11.1-11136 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11137 (including) | 11.1-11137 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11138 (including) | 11.1-11138 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11139 (including) | 11.1-11139 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11140 (including) | 11.1-11140 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11141 (including) | 11.1-11141 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11142 (including) | 11.1-11142 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11143 (including) | 11.1-11143 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.1-11144 (including) | 11.1-11144 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.2 (including) | 11.2 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.2-11200 (including) | 11.2-11200 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.2-11201 (including) | 11.2-11201 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.2-11202 (including) | 11.2-11202 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.2-11203 (including) | 11.2-11203 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.2-11204 (including) | 11.2-11204 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.2-11205 (including) | 11.2-11205 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.2-11206 (including) | 11.2-11206 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.2-11207 (including) | 11.2-11207 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.3 (including) | 11.3 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.3-11300 (including) | 11.3-11300 (including) |
Manageengine_servicedesk_plus | Zohocorp | 11.3-11301 (including) | 11.3-11301 (including) |

As data is migrated to the cloud, if access does not require authentication, it can be easier for attackers to access the data from anywhere on the Internet.