Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.
References
Configurations
Configuration 1 (hide)
|
History
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
24 Jan 2022, 19:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zohocorp manageengine Desktop Central
Zohocorp manageengine Desktop Central Managed Service Providers Zohocorp |
|
CWE | CWE-287 | |
References | (MISC) https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 9.1 |
CPE | cpe:2.3:a:zohocorp:manageengine_desktop_central_managed_service_providers:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:* |
18 Jan 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-18 10:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-44757
Mitre link : CVE-2021-44757
CVE.ORG link : CVE-2021-44757
JSON object : View
Products Affected
zohocorp
- manageengine_desktop_central_managed_service_providers
- manageengine_desktop_central
CWE