Unauthenticated remote code execution vulnerability (solved)

Unauthenticated remote code execution vulnerability (solved)

Hello all,

 

The authentication bypass and unrestricted file upload leads to Remote Code Execution vulnerability (CVE-2021-41833 )  that came to light in Patch Connect Plus has been addressed recently. This article explains the vulnerability and the steps to fix it.

 

What is the severity level of this vulnerability?

This is a critical vulnerability

 

Whom does it affect?

Users with Patch Connect Plus builds 90098 and earlier are affected.  

 

How do I fix it?

 

This has been addressed in Patch Connect Plus build 90099 on 01.10.2021. To apply this fix, follow the step below:

  • You can find the latest build applicable to you in the URL below. Download the PPM and update it

This hotfix is available at https://www.manageengine.com/sccm-third-party-patch-management/service-pack.html

 

For more information, please visit here

 

In case of queries or technical assistance contact support

 


Regards,

Patch Connect Plus
        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial





                            Related Products