Issued: Tuesday, 7 December, 2021 |
Last Revision: Tuesday, 7 December, 2021 |
Vendor: |
Product: |
Severity Level: |
There is an authentication bypass vulnerability (CVE-2021-44515) in ManageEngine Desktop Central Product that has been exploited in the wild. Moreover, there is a patch released for (CVE-202144526), another authentication bypass vulnerability in ServiceDesk Plus (help desk application and asset management tool).
An attacker could bypass authentication and execute arbitrary code in the Desktop Central Product server and ServiceDesk Plus by exploiting mentioned vulnerability.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2021-44515 | Authentication Bypass Vulnerability | n/a |
CVE-2021-44526 | Authentication Bypass Vulnerability | n/a |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) |
CVE-2021-44515 | ManageEngine Desktop Central Product |
CVE-2021-44526 | ServiceDesk Plus (on-premises) versions up to 12002 |
Table 2: Vulnerability details
We strongly recommend entities to update Desktop Central Product and ServiceDesk Plus Installations to the latest build as soon as possible to resolve the vulnerability.