CVE-2021-37415CISA KEVEPSS p99.9%

CVE-2021-37415Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability

Zoho / ManageEngine ServiceDesk Plus (SDP)

Description

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication

Scoring

EPSS99.58% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2021-12-01

(incoming)1

TypeTargetConfidenceTier
KEVEntryZoho ManageEngine ServiceDesk Authentication Bypass Vulnerabilitykev-cve-2021-374150%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
CVE
Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
CVE
Zoho Desktop Central Authentication Bypass Vulnerability
CVE
CVE-2025-11250
CVE
Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
CVE
CVE-2026-3324
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.