430 matches found
ZOHO ManageEngine Desktop Central Information Disclosure Vulnerability (CNVD-2022-29876)
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO USA. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. The vulnerability...
CVE-2022-23779
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses...
CVE-2022-23779
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses...
CVE-2022-23779
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses...
CVE-2022-23779
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses...
CVE-2022-23779
CVE-2022-23779 affects Zoho ManageEngine Desktop Central prior to 10.1.2137.8. The vulnerability is an information-disclosure flaw in which the internal server hostname can be learned by reading HTTP redirect responses, notably via the /themes endpoint, where a redirect can leak the internal host...
PT-2022-16262 · Zoho · Zoho Manageengine Desktop Central
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Desktop Central versions prior to 10.1.2137.8 Description: The issue allows the exposure of the installed server name to anyone, enabling the discovery of the internal hostname by reading HTTP redirect responses. This can be...
ZOHO ManageEngine Desktop Central 信息泄露漏洞
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO USA. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. The vulnerability...
Vulnerability fixed in Zoho ManageEngine Desktop Central
A vulnerability has been fixed in Zoho ManageEngine Desktop Central. The vulnerability allows a logged-in user to change passwords of other users, including users with elevated privileges. Zoho has released updates to fix the vulnerability. More information can be found on the page below:...
CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...
CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...
CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...
Default credentials
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...
CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...
CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 is affected by a privilege-escalation flaw in the ChangeAmazonPasswordServlet. An authenticated, low-privilege user can change other users’ passwords, potentially compromising higher-privilege accounts. The vulnerability is documented across m...
ManageEngine Desktop Central 权限许可和访问控制问题漏洞
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A privilege permissio...
PT-2022-16298 · Zoho · Zoho Manageengine Desktop Central
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Desktop Central versions prior to 10.1.2137.10 Description: The issue allows an authenticated user to change any user's login password. Recommendations: For versions prior to 10.1.2137.10, update to version 10.1.2137.10 or...
SRC-2022-0002 : Zoho ManageEngine Desktop Central ChangeAmazonPasswordServlet Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to elevate privileges on affected installations of ManageEngine Desktop Central. Authentication as a low privileged user is required to exploit this vulnerability. The specific flaw exists within the ChangeAmazonPasswordServlet...
Zoho ManageEngine Desktop Central affected by critical vulnerability
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Zoho has patched a critical vulnerability CVE-2021-44757 in Desktop Central and Desktop Central MSP which are unified endpoint management UEM solutions. A security vulnerability exists in the Desktop Central and Desktop...
Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Zoho has released a security advisory to address an authentication bypass vulnerability CVE-2021-44757 in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review th...