ManageEngine Pitstop | Community and Support forums

                      • Announcements

                      • Spring4Shell RCE vulnerability [CVE-2022-22965] - All you need to know

                        About the vulnerability: Tracked by CVE-2022-22965, Spring4Shell is a zero-day vulnerability arising in the Spring Core Framework. CVE ID: CVE-2022-22965. Description: Remote Code Execution. Impact: Zero-day. * CVE-2022-22965 has been published.
                      • Fix for Security Issue in Mobile Device Manager Plus

                        Mobile Device Manager Plus has fixed an arbitrary file upload vulnerability. This vulnerability could otherwise have allowed a malicious user to upload any file without proper validation in the Windows app dependency file upload functionality.  To exploit this vulnerability, the user must authenticate themselves by logging in to the Mobile Device Manager Plus console; they also need permissions to add apps to the App Repository. These two prerequisites reduce the chance of someone exploiting this
                      • Fix for Security Issue in Mobile Device Manager Plus

                        Mobile Device Manager Plus has fixed an arbitrary file upload vulnerability which would have otherwise allowed users with malicious intent to upload any file without validation using the log upload functionality. The security fix is available in build #92684 and above. You can download the latest build from here. For any queries or assistance, please reach out to our support team at mdm-support@manageengine.com. Follow #mdm-security for all security-related updates in Mobile Device Manager Plus
                      • Fix for Ghostcat Vulnerability (CVE 2020-1938) in Mobile Device Manager Plus

                        Mobile Device Manager Plus has released a security fix for the recently detected Ghostcat Vulnerability (CVE 2020-1938), which is a file read/inclusion vulnerability detected by Chaitin Tech. This vulnerability can be remotely exploited if port 8009 is publicly exposed, allowing users to read or include files in the webapp directories of Apache Tomcat. The security fix is released in build #92762 and you can download the latest build from here. Follow #security-updates for all security related
                      • Fix for Security Issue in Mobile Device Manager Plus

                        Mobile Device Manager Plus has fixed a cross-site scripting (XSS) vulnerability recently detected by Ken Pyle, in its latest update. This vulnerability allowed a user to view the cookies by running a param on the product login page. The security fix is available in build #92698 and above. You can download the latest build from here. Follow #mdm-security for all security-related updates in Mobile Device Manager Plus.