Authentication Bypass and Sensitive Information Exposure in Zoho ManageEngine Desktop Central

Authentication Bypass and Sensitive Information Exposure in Zoho ManageEngine Desktop Central

CVE-2021-44757 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

Learn more about our Cis Benchmark Audit For Desktop Software.