Arbitrary Administrator Account Creation Vulnerability in ManageEngine Desktop Central

Arbitrary Administrator Account Creation Vulnerability in ManageEngine Desktop Central

CVE-2014-7862 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.

Learn more about our Cis Benchmark Audit For Desktop Software.