Chrome 83.0.4103.61 fixes 38 security flaws
Hello everyone, The latest stable version of the web browser 'Google Chrome', version 83.0.4103.61, aka Chrome 83, is released for Windows, Mac and Linux. This update contains 38 security fixes and packs a number of new features including enhanced privacy controls, new settings for managing cookie files, a new Safety Check option, support for tab groups, new graphics for web form elements, a new API for detecting barcodes, and a new anti-XSS security feature. Here's a quick glance at the list
[Critical] ManageEngine EventLog Analyzer - Security advisory regarding unauthenticated product integration vulnerability.
Dear Patrons, We would like to inform you that the latest version of EventLog Analyzer, build 12136, fixes a critical security issue. Please go ahead and read about the issue and how to fix this issue in your deployment. What is the issue? EventLog Analyzer had a vulnerable endpoint (CVE-2020-24786) that allowed users to integrate their installation with other ManageEngine product installations, bypassing authentication. This could potentially lead to a data leak. Who are all affected? All users
[DidYouKnow-38] Unable to start ServiceDesk Plus as service
Some of us would have come across a situation, where ServiceDesk Plus works only through CMD prompt by executing the RUN.bat (batch file) and fails to start as service. This situation most likely occurs after application restores or migrating the application to another drive on the same server. The reason behind this issue is, the ServiceDesk Plus service is already registered with an old installation, the server will not allow the same service to get registered again on the same name. We can fix
How to identify and mitigate the unauthenticated product integration vulnerability.
Some versions of ADAudit Plus have the unauthenticated change to integration system vulnerability. This article explains how you can identify if your ADAudit Plus installation is affected, and fix it. It also offers the mitigation steps to protect your installation in case it is not affected. What is the issue? ADAudit Plus had a vulnerable endpoint which allowed a user to integrate ADAudit Plus with any other supported ManageEngine product, bypassing authentication. This could lead to a data
Exchange Reporter Plus build 5510 released with enhancements and issue fixes
Hello Everyone! We have released a new build of Exchange Reporter Plus, 5510. This release features security enhancements and bug fixes. Enhancement: Users can now use LDAPS to secure all communications between Exchange Reporter Plus and Active Directory. Public Folder Replicas report generation speed has been enhanced. Issue Fixes: The CVE-2020-24786 vulnerability, which allowed unauthenticated changes to the integration system's configuration, as reported by Florian Hauser, has been fixed. Issue
[Tips & Tricks] Guide to manage your asset license and Inventory tracking
Tracking IT or Non-IT assets becomes a task for the IT admin. We end up switching tabs and applications in and out to go through our existing inventory. Being an IT Admin with ServiceDesk Plus have you ever wondered what's eating up the license? Follow this trick to save up some license counts. Steps : Visit the Dashboard and click on the "Asset" tab. Click on "View all" for an asset summary. Once on the summary page, asset count will be highlighted, also Non-IT assets with ServiceDesk Plus has no
PAM360 - Security Hotfix Release - 4501
Hi, PAM360 4501 has been released and is now available for download. This release comes with an important and most awaited security fix. Please see our Release Notes to learn in detail about the same. How to Upgrade to Build 4501? If you are an existing customer of PAM360, download the upgrade pack from the following page: https://www.manageengine.com/privileged-access-management/upgradepack.html IMPORTANT NOTE: Please save a copy of the entire PAM360 installation folder in a local folder. This
Password Manager Pro - Security Hotfix Release - 10406
Hi, Password Manager Pro 10406 has been released and is now available for download. This release comes with an important and most awaited security fix. For more details, please see our Release Notes. How to Upgrade to Build 10406? If you are an existing customer of Password Manager Pro, download the upgrade pack from the following page https://www.manageengine.com/products/passwordmanagerpro/upgradepack.html IMPORTANT NOTE: Please save a copy of the entire Password Manager Pro installation folder
How to fix the unauthenticated product integration vulnerability
Hello Everyone, We wanted to let you know that a security vulnerability was detected in AD360 and we have fixed it. This article explains how you can fix this issue. What is the issue? AD360 had a vulnerable endpoint which allowed a user to integrate AD360 with any other supported ManageEngine product, bypassing authentication. This could lead to data leak. Which version of AD360 is affected? All AD360 builds below 4228 are affected. What is the severity level of the vulnerability? This is a critical
How to identify and mitigate the unauthenticated product integration vulnerability?
Some versions of RecoveryManager Plus have the unauthenticated change to integration system vulnerability (CVE-2020-24786) as reported by Florian Hauser. This article explains how you can identify if your RecoveryManager Plus installation is affected, and fix it. What is the issue? RecoveryManager Plus had a vulnerable endpoint which allowed a user to integrate RecoveryManager Plus with any other supported ManageEngine product, bypassing authentication. This could lead to data leak. Which version
Adobe releases patches for vulnerabilities in Reader and Acrobat
Hello everyone, In this month's security release, Adobe has fixed security vulnerabilities in Reader and Acrobat for Windows and macOS. If these vulnerabilities are exploited, they could cause remote code execution attacks and information leaks. The details of the vulnerabilities are as follows: CVE-ID Severity Impact CVE-2020-9610 Important Application denial-of-service CVE-2020-9612 Critical Arbitrary Code Execution CVE-2020-9615 Critical Security feature bypass CVE-2020-9597 CVE-2020-9594
May 2020 Patch Tuesday updates
Hello Everyone, Below is a breakdown of all the updates released this Patch Tuesday. New Security Bulletins : 2020-05 Security Only Quality Update for Windows Server 2008 (KB4556854) (ESU) 2020-05 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4556843) (ESU) 2020-05 Security Only Quality Update for Windows Server 2012 (KB4556852) 2020-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4556853) 2020-05 Security Monthly Quality Rollup for Windows Server
Mobile Device Manager Plus- Free Training
Join us on 26th May, 2nd and 9th June 2020 at 6:30 GMT or 11:30 EDT for a free training session on ManageEngine's enterprise mobility management solution - Mobile Device Manager Plus! Following topics will be covered on May 26: Device Onboarding and Provisioning: Enrollment methods to manage BYOD and corporate devices Applying corporate configurations like VPN, e-mail and Wi-Fi to devices Containerizing corporate data on personally-owned devices Monitoring devices accessing organization's corporate
Listen to our two-part expert podcast series featuring the Monopoly Man.
Hello, We are pleased to announce the launch of our first-ever expert tech talk podcast series featuring renowned privacy expert, Ian Madrigal. Ian, popularly known as the Monopoly Man, and Sid, our IT security expert, together have shared detailed insights on data privacy, compliance mandates, data breaches in the episodes. Tune in now In this
[Announcement] Launching advanced analytics for Jira Software
Hey there, We're so excited to announce the release of Analytics Plus version 4460. In this release, we are introducing out-of-the-box integration with Jira Software Cloud and Jira Software Server. For everyone who's interested in knowing more about this integration, we're having an on-demand webinar, titled, Streamline project management with advanced analytics for Jira Software. During the session, you can learn how to, Generate over 100 reports and dashboards based on your historic Jira Software
Microsoft Windows Elevation Of Privilege Vulnerability
Dear users, As you may all be already aware, there is an elevation of privilege vulnerability in Microsoft Windows that could allow a man-in-the-middle attacker to successfully forward an authentication request to a Windows LDAP server, such as a system running AD DS or AD LDS, which has not been configured to require signing or sealing on incoming connections. More information can be found in the article below. https://support.microsoft.com/en-ae/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows
OpUtils - Security advisory regarding CVE-2020-11946
This is an announcement regarding a security advisory addressing an unauthenticated servlet call vulnerability fixed in the latest version of OpUtils v12.4.196. PLEASE READ THROUGH THIS POST COMPLETELY to check whether your installation has been affected or not, and if affected, learn how you can resolve it. Issue and description: Unauthenticated API key disclosure - There was an unauthenticated access method to obtain the API key that was discovered in the product. This could be exploited by
Firewall Analyzer - Security advisory regarding CVE-2020-11946
This is an announcement regarding a security advisory addressing an unauthenticated servlet call vulnerability fixed in the latest version of Firewall Analyzer v12.4.196. PLEASE READ THROUGH THIS POST COMPLETELY to check whether your installation has been affected or not, and if affected, learn how you can resolve it. Issue and description: Unauthenticated API key disclosure - There was an unauthenticated access method to obtain the API key that was discovered in the product. This could be exploited
NetFlow Analyzer - Security advisory regarding CVE-2020-11946
This is an announcement regarding a security advisory addressing an unauthenticated servlet call vulnerability fixed in the latest version of NetFlow Analyzer v12.4.196. PLEASE READ THROUGH THIS POST COMPLETELY to check whether your installation has been affected or not, and if affected, learn how you can resolve it. Issue and description: Unauthenticated API key disclosure - There was an unauthenticated access method to obtain the API key that was discovered in the product. This could be exploited
Network Configuration Manager- Security advisory regarding CVE-2020-11946
This is an announcement regarding a security advisory addressing an unauthenticated servlet call vulnerability fixed in the latest version of Network Configuration Manager v12.4.196. PLEASE READ THROUGH THIS POST COMPLETELY to check whether your installation has been affected or not, and if affected, learn how you can resolve it. Issue and description: Unauthenticated API key disclosure - There was an unauthenticated access method to obtain the API key that was discovered in the product. This
OpManager - Security advisory regarding CVE-2020-11946
This is an announcement regarding a security advisory addressing an unauthenticated servlet call vulnerability fixed in the latest version of OpManager v12.4.196. PLEASE READ THROUGH THIS POST COMPLETELY to check whether your installation has been affected or not, and if affected, learn how you can resolve it. Issue and description: Unauthenticated API key disclosure - There was an unauthenticated access method to obtain the API key that was discovered in the product. This could be exploited
[Free webinar] ESM: How to rise to meet new service management challenges
We hope you all are safe and healthy. It’s our pleasure to bring you our webinar "ESM: How to rise to meet new service management challenges," featuring Forrester Principal Analyst Charles Betz, on May 27 at 9am PDT. With remote work becoming the new norm, service management professionals across companies now need to deliver services remotely. Employees can no longer just walk up to the service desk team when they need something. In this scenario, a single corporate portal that acts as the
ServiceDesk Plus MSP - version 10.5 - Build - 10507 Released
Dear User(s) We released ServiceDesk Plus MSP - version 10.5 - Build - 10507. Please refer to the Migration path table available here and upgrade to our latest build 10507. Behavior changes Agent Uninstall and Agent Remote Control functionalities have been removed from the application. Issues Fixed XSS Vulnerabilities are fixed. CSRF Vulnerabilities are fixed. Privilege escalation vulnerabilities are fixed. Remote code execution vulnerability in the windows agent scan is fixed. XXE vulnerabilities
[Blog] Benefits of Knowledge Management
Organizations that implement and maintain effective knowledge management see a substantial outcome as it helps: Reducing redundant works thus increases productivity and efficiency. Leveraging past experiences help to solve issues quicker. Providing better services to users. Users finding relevant information and resources themselves. Avoiding repeated mistakes. Accessing unique expertise widely. Knowledge management systems are proven effective in helping build more efficient work teams
User/technician API v3 changes over the ESM (11000) release
Dear Customers, Hope you are all aware that we are working on the next version of API (v3) now. We would like to share a part of this API v3 before the ESM release. So customers can be well prepared to adapt the new API changes anytime. Requester/technician related APIs(v1/v2) won't be supported anymore after the ESM (11000) release. You may need to update your existing requester/technician related APIs with this latest v3 version. The ESM version has some changes towards the user/technician
[Tips & Tricks] Problem Management made simple
It is the process which is followed to deal with recurring issues and those incidents that don't have a solution so that we could reduce the disruption caused to the Service and increase the satisfaction of the End Users. Just like in comic books, Problem Management is one of the Heroes that could help in finding out the root causes and solutions to fix what goes wrong. Best Practices: Identify: The issue that proves to be recurring and pain should be identified in order to be considered as a Problem
Chrome fixes critical vulnerabilities - CVE-2020-6831 and CVE-2020-6464
Hello everyone, Google Chrome has updated its stable channel to 81.0.4044.138 for Windows, Mac, and Linux. This update addresses two security vulnerabilities. CVE ID Vulnerability Severity CVE-2020-6831 Stack buffer overflow in SCTP High CVE-2020-6464 Type confusion in Blink High To patch these vulnerabilities, initiate a sync between the Vulnerability Manager Plus server and the Central Patch repository. After the sync, search for the following Patch IDs or Bulletin ID and install them in
Chrome fixes critical vulnerabilities - CVE-2020-6831 and CVE-2020-6464
Hello everyone, Google Chrome has updated its stable channel to 81.0.4044.138 for Windows, Mac, and Linux. This update addresses two security vulnerabilities. CVE ID Vulnerability Severity CVE-2020-6831 Stack buffer overflow in SCTP High CVE-2020-6464 Type confusion in Blink High To patch these vulnerabilities, initiate a sync between the Patch Manager Plus server and the Central Patch repository. After the sync, search for the following Patch IDs or Bulletin ID and install them in your target
Chrome fixes critical vulnerabilities - CVE-2020-6831 and CVE-2020-6464
Hello everyone, Google Chrome has updated its stable channel to 81.0.4044.138 for Windows, Mac, and Linux. This update addresses two security vulnerabilities. CVE ID Vulnerability Severity CVE-2020-6831 Stack buffer overflow in SCTP High CVE-2020-6464 Type confusion in Blink High To patch these vulnerabilities, initiate a sync between the Desktop Central server and the Central Patch repository. After the sync, search for the following Patch IDs or Bulletin ID and install them in your target
[Tips & Tricks] HelpDesk Admin
Hello folks, We had quite a lot of users requesting for a role that provides full access to helpdesk management. Thus reduces the workload of SDAdmin. Upon discussing with many of our users, we have now introduced default "Helpdesk Config role" that allows to perform all request related customizations/operations across ServiceDesk. A technician associated with this role can perform periodic reviews and amendments of existing process, cascading knowledge update to the team and driving/leading the
Mozilla fixes security vulnerabilities in Firefox 76
Hello everyone, Mozilla has released fixes for several security vulnerabilities in Firefox 76. Below are the details of the vulnerabilities fixed. CVE ID Vulnerability Severity CVE-2020-12387 Use-after-free during worker shutdown Critical CVE-2020-12388 Sandbox escape with improperly guarded access tokens Critical CVE-2020-12389 Sandbox escape with improperly separated process types High CVE-2020-12390 Incorrect serialization of nsIPrincipal.origin for IPv6 addresses Moderate CVE-2020-12391