Unauthenticated remote code execution vulnerability (solved)

Unauthenticated remote code execution vulnerability (solved)

Hello all,


The authentication bypass and unrestricted file upload leads to Remote Code Execution vulnerability (CVE-2021-41833 )  that came to light in Patch Connect Plus has been addressed recently. This article explains the vulnerability and the steps to fix it.


What is the severity level of this vulnerability?

This is a critical vulnerability


Whom does it affect?

Users with Patch Connect Plus builds 90098 and earlier are affected.  


How do I fix it?


This has been addressed in Patch Connect Plus build 90099 on 01.10.2021. To apply this fix, follow the step below:

  • You can find the latest build applicable to you in the URL below. Download the PPM and update it

This hotfix is available at https://www.manageengine.com/sccm-third-party-patch-management/service-pack.html


For more information, please visit here


In case of queries or technical assistance contact support



Patch Connect Plus

                  New to ADSelfService Plus?