Hello all!
This notification is in regard to an authentication bypass vulnerability that was recently identified and fixed in Desktop Central and Desktop Central MSP. Registered as CVE-2021-44757, this vulnerability has now been fixed and released in our latest build on January 17, 2022.
What is the vulnerability?
An authentication bypass vulnerability that can allow a remote user to perform unauthorized actions in the server.
What is the impact?
If exploited, this vulnerability may allow an attacker to read unauthorized data or write an arbitrary zip file on the server.
How to mitigate this?
This vulnerability has been fixed on January 17, 2022, and the mitigation is available in the latest versions of Desktop Central and Desktop Central MSP. Please refer to the KB documents of
Desktop Central and
Desktop Central MSP for more details.
Recommendation - Do follow the security hardening guidelines for
Desktop Central and
Desktop Central MSP to ensure all the security controls are configured to keep your network secure.
Rest assured that we continuously strive to take appropriate security measures and adapt to relevant security controls in our products. If you need any further assistance, our support team is always ready to help. Please reach out to us at:
Regards,
The ManageEngine Team.