Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_desktop_central
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 48 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-10 | CVE-2021-37414 | Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. | Manageengine_desktop_central | 7.5 | ||
| 2022-01-10 | CVE-2021-46165 | Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. | Manageengine_desktop_central | 7.8 | ||
| 2022-01-10 | CVE-2021-46164 | Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | Manageengine_desktop_central | 8.8 | ||
| 2022-01-10 | CVE-2021-46166 | Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | Manageengine_desktop_central | 6.5 | ||
| 2022-01-18 | CVE-2021-44757 | Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | Manageengine_desktop_central, Manageengine_desktop_central_managed_service_providers | 9.1 | ||
| 2022-01-28 | CVE-2022-23863 | Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | Manageengine_desktop_central | 6.5 | ||
| 2022-03-02 | CVE-2022-23779 | Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. | Manageengine_desktop_central | 5.3 | ||
| 2023-11-03 | CVE-2023-4767 | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv. | Manageengine_desktop_central | 6.1 | ||
| 2023-11-03 | CVE-2023-4768 | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf. | Manageengine_desktop_central | 6.1 | ||
| 2023-11-03 | CVE-2023-4769 | A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests. | Manageengine_desktop_central | 8.8 |