Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10600 (including) | 10.6-10600 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10601 (including) | 10.6-10601 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10602 (including) | 10.6-10602 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10603 (including) | 10.6-10603 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10604 (including) | 10.6-10604 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10605 (including) | 10.6-10605 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10606 (including) | 10.6-10606 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10607 (including) | 10.6-10607 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10608 (including) | 10.6-10608 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10609 (including) | 10.6-10609 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.6-10610 (including) | 10.6-10610 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 13.0-13000 (including) | 13.0-13000 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 13.0-13001 (including) | 13.0-13001 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 13.0-13002 (including) | 13.0-13002 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 13.0-13003 (including) | 13.0-13003 (including) |