CVE-2021-37414 : Insufficient Authentication and Authorization Handling Vulnerability

This document addresses an "Insufficient Authentication & Authorization handling" vulnerability (CVE-2021-37414) in Endpoint Central, as reported by Cedric.

What was the problem?

There was an endpoint with insufficient access control in the server, which when exploited, could potentially lead to gaining access to the Endpoint Central instance.

How do I fix it?

This has been identified and fixed in Endpoint Central build 10.0.709 on 23.07.2021. To apply this fix, follow the steps below:

  1. Log in to your Endpoint Central console, click on your current build number on the top right corner.
  2. You can find the latest build applicable to you. Download the PPM and update.

Note: This vulnerability is not applicable to cloud editions of Endpoint Central, Patch Manager Plus and Remote Access Plus.

Please contact support for further details at desktopcentral-support@manageengine.com.

Keywords: Security Updates, Vulnerabilities and Fixes.