4 matches found
ManageEngine Desktop Central Java Deserialization
This module exploits a Java deserialization vulnerability in the getChartImage method from the FileStorage class within ManageEngine Desktop Central versions 'ManageEngine Desktop Central Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in the...
Remote code execution
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets...
Critical Zoho Zero-Day Flaw Disclosed
UPDATE A zero-day vulnerability has been disclosed in the IT help desk ManageEngine software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Zoho has now released a security update addressing the vulnerability. As of...
CVE-2020-10189
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets...