CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication Vendor/Product: Zoho ManageEngine ServiceDesk Plus (SDP). Added to CISA KEV 2021-12-01; required action: Apply updates per vendor instructions.