CVE-2020-35682

nvd nist

Published: Mar 13, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).

Affected (35)

Products: Zohocorp: Manageengine Servicedesk Plus

Zohocorp

1 product

Manageengine Servicedesk Plus

Configuration A

35 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus	Before 11.1
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11100
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11101
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11102
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11103
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11104
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11105
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11106
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11107
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11108
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11109
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11110
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11111
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11112
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11113
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11114
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11115
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11116
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11117
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11118
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11119
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11120
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11121
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11122
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11123
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11124
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11125
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11126
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11127
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11128
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11129
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11130
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11131
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11132
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11133

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134

Source: cve@mitre.org

Vendor Advisory

https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.