This document addresses an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central.
An authentication bypass vulnerability in Desktop Central was identified which, when exploited, can allow an attacker to read unauthorized data or write an arbitrary zip file in the Desktop Central server.
This vulnerability has been fixed on January 17, 2022 and the mitigation is available in the build 10.1.2137.9. To apply this fix, follow the steps below:
Note: If you fall in the build range 10.1.2140.X to 10.1.2149.X, kindly contact our support team at email@example.com for the fix.
This vulnerability is not applicable to Desktop Central Cloud.
Osword from SGLAB of Legendsec at Qi'anxin Group through our Responsible Disclosure Program.
For any further questions or concerns on this, please write to our support team at firstname.lastname@example.org