CVE-2021-44757

Published: Jan 18, 2022Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

Affected (2)

Products: Zohocorp: Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers

Zohocorp

2 products

Manageengine Desktop Central

Manageengine Desktop Central Managed Service Providers

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Desktop Central	Before 10.1.2137.9
Zohocorp Manageengine Desktop Central Managed Service Providers	Before 10.1.2137.9

References (2)

https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022

Source: cve@mitre.org

Vendor Advisory

https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.