Lucene search
K

430 matches found

CNVD
CNVD
added 2022/03/04 12:0 a.m.21 views

ZOHO ManageEngine Desktop Central Information Disclosure Vulnerability (CNVD-2022-29876)

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO USA. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. The vulnerability...

5.3CVSS0.5AI score0.1514EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/03/02 3:15 p.m.6 views

CVE-2022-23779

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses...

5.3CVSS6AI score0.1514EPSS
Exploits2References3
OSV
OSV
added 2022/03/02 3:15 p.m.5 views

CVE-2022-23779

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses...

5.3CVSS5.8AI score0.1514EPSS
Exploits2References1
NVD
NVD
added 2022/03/02 3:15 p.m.38 views

CVE-2022-23779

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses...

5.3CVSS0.1514EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/03/02 2:31 p.m.37 views

CVE-2022-23779

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses...

5.5AI score0.1514EPSS
Exploits2References1
CVE
CVE
added 2022/03/02 2:31 p.m.140 views

CVE-2022-23779

CVE-2022-23779 affects Zoho ManageEngine Desktop Central prior to 10.1.2137.8. The vulnerability is an information-disclosure flaw in which the internal server hostname can be learned by reading HTTP redirect responses, notably via the /themes endpoint, where a redirect can leak the internal host...

5.3CVSS5.2AI score0.1514EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/02 12:0 a.m.6 views

PT-2022-16262 · Zoho · Zoho Manageengine Desktop Central

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Desktop Central versions prior to 10.1.2137.8 Description: The issue allows the exposure of the installed server name to anyone, enabling the discovery of the internal hostname by reading HTTP redirect responses. This can be...

5.3CVSS5.1AI score0.1514EPSS
Exploits2References7
CNNVD
CNNVD
added 2022/03/02 12:0 a.m.3 views

ZOHO ManageEngine Desktop Central 信息泄露漏洞

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO USA. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. The vulnerability...

5.3CVSS5.8AI score0.1514EPSS
Exploits2References2
NCSC
NCSC
added 2022/02/03 12:0 a.m.6 views

Vulnerability fixed in Zoho ManageEngine Desktop Central

A vulnerability has been fixed in Zoho ManageEngine Desktop Central. The vulnerability allows a logged-in user to change passwords of other users, including users with elevated privileges. Zoho has released updates to fix the vulnerability. More information can be found on the page below:...

6.5CVSS6.6AI score0.0192EPSS
Exploits1
NVD
NVD
added 2022/01/28 4:15 p.m.24 views

CVE-2022-23863

Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...

6.5CVSS0.0192EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/01/28 4:15 p.m.8 views

CVE-2022-23863

Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...

6.5CVSS6.6AI score0.0192EPSS
Exploits1References2
OSV
OSV
added 2022/01/28 4:15 p.m.4 views

CVE-2022-23863

Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...

6.5CVSS5.8AI score0.0192EPSS
Exploits1References1
Prion
Prion
added 2022/01/28 4:15 p.m.20 views

Default credentials

Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...

4CVSS6.3AI score0.0192EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/01/28 3:33 p.m.22 views

CVE-2022-23863

Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...

6.5AI score0.0192EPSS
Exploits1References1
CVE
CVE
added 2022/01/28 3:33 p.m.62 views

CVE-2022-23863

Zoho ManageEngine Desktop Central before 10.1.2137.10 is affected by a privilege-escalation flaw in the ChangeAmazonPasswordServlet. An authenticated, low-privilege user can change other users’ passwords, potentially compromising higher-privilege accounts. The vulnerability is documented across m...

6.5CVSS6.3AI score0.0192EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/01/28 12:0 a.m.5 views

ManageEngine Desktop Central 权限许可和访问控制问题漏洞

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A privilege permissio...

6.5CVSS6.6AI score0.0192EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/01/28 12:0 a.m.5 views

PT-2022-16298 · Zoho · Zoho Manageengine Desktop Central

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Desktop Central versions prior to 10.1.2137.10 Description: The issue allows an authenticated user to change any user's login password. Recommendations: For versions prior to 10.1.2137.10, update to version 10.1.2137.10 or...

6.5CVSS6.4AI score0.0192EPSS
Exploits1References4
Source Incite
Source Incite
added 2022/01/20 12:0 a.m.113 views

SRC-2022-0002 : Zoho ManageEngine Desktop Central ChangeAmazonPasswordServlet Elevation of Privilege Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to elevate privileges on affected installations of ManageEngine Desktop Central. Authentication as a low privileged user is required to exploit this vulnerability. The specific flaw exists within the ChangeAmazonPasswordServlet...

6.5CVSS6.6AI score0.0192EPSS
Exploits1
hivepro
hivepro
added 2022/01/19 1:49 p.m.38 views

Zoho ManageEngine Desktop Central affected by critical vulnerability

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Zoho has patched a critical vulnerability CVE-2021-44757 in Desktop Central and Desktop Central MSP which are unified endpoint management UEM solutions. A security vulnerability exists in the Desktop Central and Desktop...

6.4CVSS0.1AI score0.24195EPSS
Exploits0
CISA
CISA
added 2022/01/19 12:0 a.m.39 views

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP

Zoho has released a security advisory to address an authentication bypass vulnerability CVE-2021-44757 in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review th...

6.4CVSS2.7AI score0.24195EPSS
Exploits0References3
Rows per page
Query Builder