Issued: Wednesday, 19 January, 2022 |
Last Revision: Wednesday, 19 January, 2022 |
Vendor: |
|
Severity Level: |
The Desktop Central and Desktop Central MSP platforms of Zoho ManageEngine are affected by a new security flaw, tracked as CVE-2021-44757.
It is described as an authentication bypass vulnerability, which could allow an attacker to execute unauthorized actions on the affected platform. If exploited, it could allow an attacker to read unauthorized data or write arbitrary data on the server.
This vulnerability has been fixed on January 17, 2022, and the mitigation is available in the latest versions of Desktop Central and Desktop Central MSP.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2021-44757 | Authentication bypass vulnerability | n/a |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) |
CVE-2021-44757 | Zoho ManageEngine Desktop Central and Desktop Central MSP platforms prior to version10.1.2137.9. |
Table 2: Vulnerable versions
Organizations are strongly encouraged to update to the latest build, as well follow ManageEngine security hardening guidelines to secure the Desktop Central and Desktop Central MSP installations.