Patch 32500 Prompting for admin credentials on PCs
Deployed our non critical patches this morning as normal. Bunch of staff ringing me because this patch is prompting when running for administrator credentials..? 32500 MS21-O365C Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2111
Servers vs Workstations
We love Desktop Central! I have read that Desktop Central is great for server management too, but we have only used it for workstations for many years. I am wanting to start deploying it in our servers too. But, our workstations and servers are managed
Visual Studio Express
Hi ALL! I need install Visual Studio Express 2022 (https://visualstudio.microsoft.com/vs/express/) to part of my PCs via DC - how to ??
Is ADSelfService Plus affected by CVE-2021-44228?
Hello Everyone, As stated in the Title, is ADSelfService Plus affected by the log4j Vulnerability CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228) ? If I am right, ADSelfService uses Tomcat, not Apache? Thanks in Advance
Solutions appearing from when raising an incident
We have just implemented solutions and discovered that the system looks at common words for example The, and,at. So when an user is raising a ticket if they are using common words the suggested solutions are brining everything up with The in them this
New incident template form.
Hi, New incident from fetched mail is created with "Default template" from Incident Template list, or we can select template used for create incidents from e-mail? I want to assign Site and Group for specific requester. I created new rule under "Incident
Apache Log4Shell vulnerability (CVE-2021-44228)
The identified Log4Shell vulnerability (CVE-2021-44228) is classified as a Zero-Day Vulnerability. The name Log4Shell refers to the fact that this bug is present in a popular Java logging library called Log4j, which when exploited, can allow attackers
Apache Log4Shell vulnerability (CVE-2021-44228)
The identified Log4Shell vulnerability (CVE-2021-44228) is classified as a Zero-Day Vulnerability. The name Log4Shell refers to the fact that this bug is present in a popular Java logging library called Log4j, which when exploited, can allow attackers
Patch Tuesday December 2021 - Updates
Hello everyone, Here is the list of supported December 2021 Patch Tuesday updates New Security Bulletins : 2021-12 Security Only Quality Update for Windows Server 2008 (KB5008271) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893) 2021-12 Security
Patch Tuesday December 2021 - Updates
Hello everyone, Here is the list of supported December 2021 Patch Tuesday updates New Security Bulletins : 2021-12 Security Only Quality Update for Windows Server 2008 (KB5008271) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893) 2021-12 Security
Patch Tuesday December 2021 - Updates
Hello everyone, Here is the list of supported December 2021 Patch Tuesday updates New Security Bulletins : 2021-12 Security Only Quality Update for Windows Server 2008 (KB5008271) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893) 2021-12 Security
Log4j vulnerability in ServiceDesk Plus Cloud edition
I would like to know if our SDP Cloud is or has been vulnerable to log4j. On the forum I only read about the on-prem editions.
log4shell: ADSelfService vulnerable (CVE-2021-44228)
Hello ManageEngine, I investigate all our Systems about CVE-2021-44228. One system is ADSelfService Build 6116. It uses Java, but log4j to? Is this system vulnerable? Is there a fix, patch or workaround for this?
cve-2021-44228 ADAudit and ADSelf Service Guidance
Hello, I wanted to check if these two applications were susceptible to the Log4j vulnerability and what we could do to mitigate if they were? Thank you!
log4j
Hi there, I have seen and implemented the fix for AD Manager but I also need a fix for eventlog analyzer and elastic search/log 360 under the Managine Engine folder. Do you have the requirements for these?
[Security advisory for CVE-2021-44525] Authentication bypass vulnerability in ManageEngine Password Manager Pro
Hi there, The security advisory addresses an authentication bypass vulnerability identified in the product, ManageEngine Password Manager Pro versions up to 12001 [CVE-2021-44525].Given the severity of this vulnerability, we strongly urge all customers
Deprecation of few existing internal APIs
Dear users, We would like to inform you all that existing APIs used for "System Update Notification" and "Product Overview" will be deprecated from version 12004 and the support will be completely removed by March 2022. We highly recommend you to switch
Change Management - Approval & CAB
Hi, Change Management - We have 1st approval, 2nd approval and 3rd conditional approval processes at the consultancy stage. However, we are not able to display approval approvals in the advisory area. We are greeted with the note "This Change is configured
Log4j AD Audit Plus CVE-2021-44228
Hi, i found Log4j-* in /ManageEngine/ADAuditPlus/apps/dataengine-xnode/lib Is there any fix or workaround?
Replacing default image
Hello, I'm trying to replace logos on SDP. I was able to customize the login page, but when requesters passwords expired, or they were forced to create a new password, the opened page for the new password shows the default logo of the SDP. I couldn't
Service Desk Plus - Apache Log4j 2
Hi, According to the recent "Apache Log4j Security Vulnerabilities", may I know how to identify the versions of the Log4j.jar. Current file I have is dated 5/5/2020. And please advise how to apply the fix? Note: I cannot find the "log4j-core" in directory.
[Security Advisory] Supportcenter Plus is not affected by CVE-2021-44228
Dear Users, We would like to inform you that Supportcenter Plus is not affected by the recent RCE vulnerability (CVE-2021-44228) reported in the Log4j framework. What is CVE-2021-44228 vulnerability? According to the Apache foundation, the reported
Important: SDP IOS Push Notification certificate has expired
Dear User ServiceDesk Plus IOS push notification certificate expired on 12th December 2021. Hence to overcome push notification issue, please follow the below steps : 1. Shut down the Servicedesk Plus application. 2. Navigate into <SDP_home>\conf folder.
CVE-2021-44228 AKA Log4j vulnerability for App Manager
Hello, Has it been determined if the latest build of Application Manager Plus is affected by the log4j vulnerability? If so what remediation/mitigation steps should be taken?
Looking for Comment on the log4j vulnerability
Looking for Comment on the log4j vulnerability and how ServiceDesk MSP is specifically affected. I don't see that there's been a comprehensive statement regarding ManageEngine products overall. https://pitstop.manageengine.com/portal/en/community/topic/log4j-cve-2021-44228-query-manage-engine-service-desk-plus
Precautionary steps to protect Log360 UEBA from Log4j vulnerabilities CVE-2021-45046, CVE-2021-44228, CVE-2021-45105, and CVE-2021-44832
In Log360 UEBA , the affected log4j version is used in the bundled dependency. Our security experts are analyzing the issue and as of now, we have no conclusive evidence of our product being affected by it. However, we strongly recommend all our customers
ServiceDesk Plus Log4j.jar
Is anyone aware of plans for Zoho to update Log4j in ServiceDesk Plus? Current file I have ServiceDesk\lib\log4j.jar is dated 17/03/2020 and there are no new service packs that I can see that related to the recently announced security vulnerabilities.
Netflow Analyzer Enterprise 12.5 vulnerability to log4j?
Hi, I see that Netflow Analyzer Enterprise 12.5 is using log4j 1.x (which is 6 years End of Life so you might want to think about updating?). According to RedHat this might be suspectible to the same vulnerability as log4j <2.5 if the configuration uses
Assets - Software Description
I am unable to add a description to scanned software. When I click on the description of any software entry, it pops a screen that appears that I should be able to add a description, but the field does not allow for any input. We are looking to be able
System Log Errors
I'm not actually seeing this break anything. But I have a couple Preventative Maintenance Task Templates built. Each one of those has a handful of Task Templates added to it. Each one of these task throws an error (pictured) when the task is triggered
[Security advisory for CVE-2021-44525] Authentication bypass vulnerability in ManageEngine PAM360
Hi there, The security advisory addresses an authentication bypass vulnerability identified in the product, ManageEngine PAM360 versions up to 5302 [CVE-2021-44525]. Given the severity of this vulnerability, we strongly urge all customers using PAM360
Google Secure LDAP
We use Google Workspace as our source of truth for users. Is there any plan for Google Secure LDAP to work with Password Manager Pro? https://support.google.com/a/answer/9048516
Migrate from Postgres to MSSQL - Incompatible Database Version - SDP v11309
Hello, I´m trying to migrate from Postgres to MSSQL following the official article (https://pitstop.manageengine.com/portal/en/kb/articles/how-to-change-the-database-from-mysql-postgresql-to-mssql#heading_15155145025680) but, when I want to restore the
Upgrade problem from 11307 to 12000
While upgrading from 11307 to 12000 got folowing error: Nov 28, 2021 6:45:36 PM [com.adventnet.tools.update.installer.Unzipper] [SEVERE] : ERR:Exception while writing file.java.io.IOException: Entry is outside of the target dir: mickeylite_update.jar
Apache Log4j Vulnerability (CVE-2021-44228) Fix in Log360 UEBA
The recent Apache Log4j security vulnerability (CVE-2021-44228) was publicly disclosed on December 9, 2021. It allows unauthenticated remote code execution in applications that use Apache's log4j versions above 2.0 and below 2.15.0. Log360 UEBA uses
See file name/path details in file scan inventory
Is there a way to see the details of the file scan? I need to know what files are located on a machine and where they reside. Simply seeing that there are 4304 .jar files on a computer isn't really useful if I can't tell what or where they are
Urgent Restore Issue
Hi, Edit: Restore "Cleaning up" is hanging on "Cleaning up redis temp data folder" Acting in response to this: Authentication Bypass using Filter Configuration | ManageEngine Currently the failed installation is on a 2008R2 Server with SQL Server 2012.
Log4j CVE-2021-44228 Vulnerability Fix In Cloud Security Plus
Please find the steps to use the workaround for log4j jar vulnerability in Cloud Security Plus 1. Download the log4j2.properties file from the below link. https://downloads.zohocorp.com/dnd/EventLog_Analyzer/umsaq2OVwehbxjS/log4j2Prop.zip 2. Put the
An authentication bypass vulnerability identified and fixed in Desktop Central and Desktop Central MSP
Hello! This notification is in regard to an authentication bypass vulnerability that was recently identified in Desktop Central. This applies to Desktop Central MSP as well. Registered as CVE-2021-44515, this vulnerability has now been fixed and released
[Update] Precautionary steps to protect M365 Security Plus from Log4j vulnerability (CVE-2021-44228, CVE-2021-45046 , CVE-2021-45105 and CVE-2021-44832)
This post has been updated on 05/01/2022. Hello there, In M365 Security Plus, the affected log4j version is used in the bundled dependency. Our security experts are analyzing the issue and as of now, we have no conclusive evidence of our product being
Next Page
