Update on the recent vulnerability in Apache Commons Text library and the impact on ManageEngine on-premise products
Product Name | Release Status |
Asset Explorer | Released in v6982 |
ServiceDesk Plus | Released in v14003 |
ServiceDesk Plus MSP | Released in v13001 |
Password Manager Pro | Released in v12122 |
PAM360 | Released in v5711 |
Access Manager Plus | Released in v4306 |
Endpoint Central | Released in v11.1.2238.5/10.1.2228.10/10.1.2220.16 |
Endpoint Central MSP | Released in v11.1.2238.5/10.1.2220.16 |
Remote Monitoring and Management (RMM) | Released in v10.1.41 |
Patch Manager Plus | Released in v11.1.2238.5/10.1.2228.10 |
Patch Connect Plus | Released in v90112 |
Vulnerability Manager Plus | Released in v11.1.2238.5/10.1.2228.10 |
Application Control Plus | Released in v11.1.2238.5/10.1.2228.10 |
Device Control Plus | Released in v11.1.2238.5/10.1.2228.10 |
Endpoint DLP | Released in v10.1.2137.05 |
OS Deployer | Released in v1.1.2242.1 |
Remote Access Plus | Released in v10.1.2228.10 |
Browser Security Plus | Released in v11.1.2238.6 |
Mobile Device Manager Plus | Released in v10.1.2209.6/10.1.2207.9 |
Please note that we have not identified any usage of the Commons Text library that is exploitable and the investigation is still in progress.
Although the Apache Commons Text library is available in all ManageEngine on-premise solutions, it is only used in the products listed above. These unused components will be removed from later editions of those products.