The host is installed with Zoho ManageEngine ServiceDesk Plus (SDP) before build 14004, Zoho ManageEngine ServiceDesk Plus MSP before 13001 or Zoho ManageEngine SupportCenter Plus 11017 before 11026 or Zoho ManageEngine ADSelfService Plus before 6211 and is prone to an unauthenticated remote code execution vulnerability. The flaws are present in the application due to the usage of an outdated third party dependency, Apache Santuario. Successful exploitation allows an unauthenticated attacker to execute arbitrary code and carry out any subsequent attacks.