Vulnerabilities > CVE-2021-44757 - Unspecified vulnerability in Zohocorp products

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

zohocorp

critical

NVD

Published: 2022-01-18

Updated: 2022-07-12

Summary

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Desktop Central - Zohocorp Manageengine Desktop Central 7.0 Zohocorp Manageengine Desktop Central 7.0.0 Zohocorp Manageengine Desktop Central 7.0.1 Zohocorp Manageengine Desktop Central 8.0.0 Zohocorp Manageengine Desktop Central 9.0 Zohocorp Manageengine Desktop Central 9.1.0 Zohocorp Manageengine Desktop Central 10 Zohocorp Manageengine Desktop Central 10.0 Zohocorp Manageengine Desktop Central 10.0.0 Zohocorp Manageengine Desktop Central 10.0.124 Zohocorp Manageengine Desktop Central 10.0.137 Zohocorp Manageengine Desktop Central 10.0.184 Zohocorp Manageengine Desktop Central 10.0.255 Zohocorp Manageengine Desktop Central 10.0.271 Zohocorp Manageengine Desktop Central 10.0.289 Zohocorp Manageengine Desktop Central 10.0.290 Zohocorp Manageengine Desktop Central 10.0.380 Zohocorp Manageengine Desktop Central 10.0.430 Zohocorp Manageengine Desktop Central 10.0.479 Zohocorp Manageengine Desktop Central 10.0.483 Zohocorp Manageengine Desktop Central 10.0.484 Zohocorp Manageengine Desktop Central 10.0.486 Zohocorp Manageengine Desktop Central 10.0.533 Zohocorp Manageengine Desktop Central 10.0.552.W Zohocorp Manageengine Desktop Central 10.0.561 Zohocorp Manageengine Desktop Central 10.0.647 Zohocorp Manageengine Desktop Central 10.1.2119.7 Zohocorp Manageengine Desktop Central 10.1.2127.17 Zohocorp Manageengine Desktop Central 10.1.2127.18 Zohocorp Manageengine Desktop Central 10.1.2128.0 Zohocorp Manageengine Desktop Central 10.1.2137.2 Zohocorp Manageengine Desktop Central 10.1.2137.3 Zohocorp Manageengine Desktop Central 10.1.2137.8 Zohocorp Manageengine Desktop Central Managed Service Providers - Zohocorp Manageengine Desktop Central Managed Service Providers 7.0 Zohocorp Manageengine Desktop Central Managed Service Providers 9.0	43

References

https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022