log4j
Hi there, I have seen and implemented the fix for AD Manager but I also need a fix for eventlog analyzer and elastic search/log 360 under the Managine Engine folder. Do you have the requirements for these?
[Security advisory for CVE-2021-44525] Authentication bypass vulnerability in ManageEngine Password Manager Pro
Hi there, The security advisory addresses an authentication bypass vulnerability identified in the product, ManageEngine Password Manager Pro versions up to 12001 [CVE-2021-44525].Given the severity of this vulnerability, we strongly urge all customers
Deprecation of few existing internal APIs
Dear users, We would like to inform you all that existing APIs used for "System Update Notification" and "Product Overview" will be deprecated from version 12004 and the support will be completely removed by March 2022. We highly recommend you to switch
Change Management - Approval & CAB
Hi, Change Management - We have 1st approval, 2nd approval and 3rd conditional approval processes at the consultancy stage. However, we are not able to display approval approvals in the advisory area. We are greeted with the note "This Change is configured
Log4j AD Audit Plus CVE-2021-44228
Hi, i found Log4j-* in /ManageEngine/ADAuditPlus/apps/dataengine-xnode/lib Is there any fix or workaround?
Replacing default image
Hello, I'm trying to replace logos on SDP. I was able to customize the login page, but when requesters passwords expired, or they were forced to create a new password, the opened page for the new password shows the default logo of the SDP. I couldn't
Service Desk Plus - Apache Log4j 2
Hi, According to the recent "Apache Log4j Security Vulnerabilities", may I know how to identify the versions of the Log4j.jar. Current file I have is dated 5/5/2020. And please advise how to apply the fix? Note: I cannot find the "log4j-core" in directory.
[Security Advisory] Supportcenter Plus is not affected by CVE-2021-44228
Dear Users, We would like to inform you that Supportcenter Plus is not affected by the recent RCE vulnerability (CVE-2021-44228) reported in the Log4j framework. What is CVE-2021-44228 vulnerability? According to the Apache foundation, the reported
Important: SDP IOS Push Notification certificate has expired
Dear User ServiceDesk Plus IOS push notification certificate expired on 12th December 2021. Hence to overcome push notification issue, please follow the below steps : 1. Shut down the Servicedesk Plus application. 2. Navigate into <SDP_home>\conf folder.
CVE-2021-44228 AKA Log4j vulnerability for App Manager
Hello, Has it been determined if the latest build of Application Manager Plus is affected by the log4j vulnerability? If so what remediation/mitigation steps should be taken?
Looking for Comment on the log4j vulnerability
Looking for Comment on the log4j vulnerability and how ServiceDesk MSP is specifically affected. I don't see that there's been a comprehensive statement regarding ManageEngine products overall. https://pitstop.manageengine.com/portal/en/community/topic/log4j-cve-2021-44228-query-manage-engine-service-desk-plus
Precautionary steps to protect Log360 UEBA from Log4j vulnerabilities CVE-2021-45046, CVE-2021-44228, CVE-2021-45105, and CVE-2021-44832
In Log360 UEBA , the affected log4j version is used in the bundled dependency. Our security experts are analyzing the issue and as of now, we have no conclusive evidence of our product being affected by it. However, we strongly recommend all our customers
ServiceDesk Plus Log4j.jar
Is anyone aware of plans for Zoho to update Log4j in ServiceDesk Plus? Current file I have ServiceDesk\lib\log4j.jar is dated 17/03/2020 and there are no new service packs that I can see that related to the recently announced security vulnerabilities.
Netflow Analyzer Enterprise 12.5 vulnerability to log4j?
Hi, I see that Netflow Analyzer Enterprise 12.5 is using log4j 1.x (which is 6 years End of Life so you might want to think about updating?). According to RedHat this might be suspectible to the same vulnerability as log4j <2.5 if the configuration uses
Assets - Software Description
I am unable to add a description to scanned software. When I click on the description of any software entry, it pops a screen that appears that I should be able to add a description, but the field does not allow for any input. We are looking to be able
System Log Errors
I'm not actually seeing this break anything. But I have a couple Preventative Maintenance Task Templates built. Each one of those has a handful of Task Templates added to it. Each one of these task throws an error (pictured) when the task is triggered
[Security advisory for CVE-2021-44525] Authentication bypass vulnerability in ManageEngine PAM360
Hi there, The security advisory addresses an authentication bypass vulnerability identified in the product, ManageEngine PAM360 versions up to 5302 [CVE-2021-44525]. Given the severity of this vulnerability, we strongly urge all customers using PAM360
Google Secure LDAP
We use Google Workspace as our source of truth for users. Is there any plan for Google Secure LDAP to work with Password Manager Pro? https://support.google.com/a/answer/9048516
Migrate from Postgres to MSSQL - Incompatible Database Version - SDP v11309
Hello, I´m trying to migrate from Postgres to MSSQL following the official article (https://pitstop.manageengine.com/portal/en/kb/articles/how-to-change-the-database-from-mysql-postgresql-to-mssql#heading_15155145025680) but, when I want to restore the
Upgrade problem from 11307 to 12000
While upgrading from 11307 to 12000 got folowing error: Nov 28, 2021 6:45:36 PM [com.adventnet.tools.update.installer.Unzipper] [SEVERE] : ERR:Exception while writing file.java.io.IOException: Entry is outside of the target dir: mickeylite_update.jar
Apache Log4j Vulnerability (CVE-2021-44228) Fix in Log360 UEBA
The recent Apache Log4j security vulnerability (CVE-2021-44228) was publicly disclosed on December 9, 2021. It allows unauthenticated remote code execution in applications that use Apache's log4j versions above 2.0 and below 2.15.0. Log360 UEBA uses
See file name/path details in file scan inventory
Is there a way to see the details of the file scan? I need to know what files are located on a machine and where they reside. Simply seeing that there are 4304 .jar files on a computer isn't really useful if I can't tell what or where they are
Urgent Restore Issue
Hi, Edit: Restore "Cleaning up" is hanging on "Cleaning up redis temp data folder" Acting in response to this: Authentication Bypass using Filter Configuration | ManageEngine Currently the failed installation is on a 2008R2 Server with SQL Server 2012.
Log4j CVE-2021-44228 Vulnerability Fix In Cloud Security Plus
Please find the steps to use the workaround for log4j jar vulnerability in Cloud Security Plus 1. Download the log4j2.properties file from the below link. https://downloads.zohocorp.com/dnd/EventLog_Analyzer/umsaq2OVwehbxjS/log4j2Prop.zip 2. Put the
An authentication bypass vulnerability identified and fixed in Desktop Central and Desktop Central MSP
Hello! This notification is in regard to an authentication bypass vulnerability that was recently identified in Desktop Central. This applies to Desktop Central MSP as well. Registered as CVE-2021-44515, this vulnerability has now been fixed and released
[Update] Precautionary steps to protect M365 Security Plus from Log4j vulnerability (CVE-2021-44228, CVE-2021-45046 , CVE-2021-45105 and CVE-2021-44832)
This post has been updated on 05/01/2022. Hello there, In M365 Security Plus, the affected log4j version is used in the bundled dependency. Our security experts are analyzing the issue and as of now, we have no conclusive evidence of our product being
[Update] Precautionary steps to protect M365 Manager Plus from Log4j vulnerability (CVE-2021-44228 , CVE-2021-45046 , CVE-2021-45105 and CVE-2021-44832)
This post has been updated on 05/01/2022. Hello there, In M365 Manager Plus, the affected log4j version is used in the bundled dependency. Our security experts are analyzing the issue and as of now, we have no conclusive evidence of our product being
Data collection diagnostics report
I currenlty receive a Data collection diagnostics report every morning. There are two users who receive this report that are no longer with the company. Where do I go to update this report?
Microsoft fixes several high-severity security vulnerabilities in Edge for Business (chromium) 96.0.1054.53 update
Hello everyone, Microsoft Edge for Business (chromium) has been updated to 96.0.1054.53 for Windows, macOS, and Linux. The details of the vulnerabilities fixed are as follows: CVE ID Vulnerability Severity CVE-2021-4052 Use after free in web apps
Microsoft fixes several high-severity security vulnerabilities in Edge for Business (chromium) 96.0.1054.53 update
Hello everyone, Microsoft Edge for Business (chromium) has been updated to 96.0.1054.53 for Windows, macOS, and Linux. The details of the vulnerabilities fixed are as follows: CVE ID Vulnerability Severity CVE-2021-4052 Use after free in web apps
Microsoft fixes several high-severity security vulnerabilities in Edge for Business (chromium) 96.0.1054.53 update
Hello everyone, Microsoft Edge for Business (chromium) has been updated to 96.0.1054.53 for Windows, macOS, and Linux. The details of the vulnerabilities fixed are as follows: CVE ID Vulnerability Severity CVE-2021-4052 Use after free in web apps
[Community Digest] ServiceDesk Plus - November 2021
Here is the monthly rewind for November 2021! Version and Build release: 12001 (Released on 16 November 2021) Check our ReadMe for more details. Product Highlights: Behavior changes : SD-97367: The default value of Backup Scheduling is now set to 7
[Virtual MeetUp] Free Training on Handling Emergency Changes
We hope you and your family are staying healthy and safe! We are glad to invite you all for our 5th session of Virtual meetup, which is scheduled on 15th April 2021, registrations are open now. Kindly pick a suitable timezone and register today. 02:00
Is SCP 8121 affected by the log4j2 vulnerability?
Is SCP 8121 affected by the log4j2 vulnerability? If so - where the details for remediation?
ADSelfService Plus RemComSvc.exe is detected as a threat
Hello Support. The attached document informs that the exclusion of the RemComSvc.exe executable must be made in the antivirus for the operation of the ADSelfService Plus Agent: However, Trend Micro antivirus from a client company of ours is detecting the RemComSvc.exe file as a threat. For security reasons, our client will not make the exception of the RemComSvc.exe executable. We have the following questions: Why does the ADSelfService Plus agent need the RemComSvc.exe executable? Can the ADSelfService
How to edit the amount of characters available in the Instances Portal when browser is full screen?
Currently if the web browser is not set to full screen it looks like this: you can see all of "FRM Feedback Log" even though the "g" is cut off a bit, no big deal. Once the web browser is set to full screen this is what it looks like: you can no longer
Printer installed Report
I have pushed a new printer through GPO and I am wanting to run a report to see which machines do not have it installed. Is this possible?
populate combo box with new values
Is it possible to access the db with javascript with some function and extract values to populate fields? Is it possible to access the web service with javascript to collect data? Is it possible to add values to a combobox using addoption without the
Windows 10 Locks up after login after Desktop Central Upgrade to 10.1.2127.18
Ever since we upgraded the DC Central Server to 10.1.2127.18, and subsequently the agent upgraded to 10.1.2127.16.W, we have been experiencing lock ups in Windows 10 20H2 right after login. The machine becomes total unresponsive, only remedy is to power
ServiceDesk Mail Server Settings With M365
I'm trying to configure Mail Server settings to work with M365. I've got the inbound IMAPS working, however, I can't seem to get the outbound SMTP working. I've searched through all the forums and tried various suggestions from there but it still doesn't
Next Page