Unauthenticated remote code execution vulnerability (solved)

Unauthenticated remote code execution vulnerability (solved)

Hello all,

 

The authentication bypass and unrestricted file upload leads to Remote Code Execution vulnerability (CVE-2021-41833 )  that came to light in Patch Connect Plus has been addressed recently. This article explains the vulnerability and the steps to fix it.

 

What is the severity level of this vulnerability?

This is a critical vulnerability

 

Whom does it affect?

Users with Patch Connect Plus builds 90098 and earlier are affected.  

 

How do I fix it?

 

This has been addressed in Patch Connect Plus build 90099 on 01.10.2021. To apply this fix, follow the step below:

  • You can find the latest build applicable to you in the URL below. Download the PPM and update it

This hotfix is available at https://www.manageengine.com/sccm-third-party-patch-management/service-pack.html

 

For more information, please visit here

 

In case of queries or technical assistance contact support

 


Regards,

Patch Connect Plus