Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central
Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers.
Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip file on the server," the company noted in an advisory.
Osword from SGLAB of Legendsec at Qi'anxin Group has been credited with discovering and reporting the vulnerability.
The Indian firm said it remediated the issue in build version 10.1.2137.9.
With the latest fix, Zoho has addressed a total of four vulnerabilities over the past five months.
In light of the fact that all three of the aforementioned flaws have been exploited by malicious actors, it's recommended that users apply the updates as soon as possible to mitigate any potential threats.
News URL
https://thehackernews.com/2022/01/zoho-releases-patch-for-critical-flaw.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-18 | CVE-2021-44757 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allows attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | 9.1 |