CVE-2021-44757

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.1CRITICAL

EPSS

41.2%

top 2.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Desktop Central Zohocorp Manageengine Desktop Central Managed Service Providers

Timeline

PublishedJan 18

Latest updateJan 19

Description

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶NVDzohocorp/manageengine_desktop_central< 10.1.2137.9

▶NVDzohocorp/manageengine_desktop_central_managed_service_providers< 10.1.2137.9

🔴Vulnerability Details

GHSA

GHSA-gqgc-m3vm-cxhj: Zoho ManageEngine Desktop Central before 10↗2022-01-19

▶

CVEList

CVE-2021-44757: Zoho ManageEngine Desktop Central before 10↗2022-01-18

▶