In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HZohocorp Manageengine Supportcenter Plus
APPZohocorp11.0
Related vulnerabilities
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code exec...
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus bef...
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedule...
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office depl...
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 72...