CVE-2021-37414 : Insufficient Authentication and Authorization Handling Vulnerability

This document addresses an "Insufficient Authentication & Authorization handling" vulnerability (CVE-2021-37414) in Desktop Central, reported by Cedric.

What was the problem?

There was an endpoint with insufficient access control in the server, which when exploited, could potentially lead to gaining access to the Desktop Central instance.

How do I fix it?

This has been identified and fixed in Desktop Central build 10.0.709 on 23.07.2021. To apply this fix, follow the steps below:

  1. Log in to your Desktop Central console, click on your current build number on the top right corner.
  2. You can find the latest build applicable to you. Download the PPM and update.

Note: This vulnerability is not applicable to cloud editions of Desktop Central, Patch Manager Plus and Remote Access Plus.

Please contact support for further details at desktopcentral-support@manageengine.com.

Keywords: Security Updates, Vulnerabilities and Fixes.