2 matches found
CVE-2015-2560
CVE-2015-2560 affects ManageEngine Desktop Central 9 before build 90135. The flaw in DCOperationsServlet (addOrModifyUser) allows remote unauthenticated users to change Administrator (DCAdmin) passwords, enabling full or partial admin access. Remediation: update to build 90135 or apply vendor gui...
Manage Engine Desktop Central 9 - CVE-2015-2560 - Unauthorised administrative password reset
A vulnerability exists in the Manage Engine Desktop Central 9 application that affects version build 90130. This may affect earlier releases as well. The vulnerability allows a remote unauthenticated user to change the password of any Manage Engine Desktop Central user with the ‘Administrator’ ro...