• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
zoho releases patch for critical flaw affecting manageengine desktop central

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

You are here: Home / General Cyber Security News / Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central
January 18, 2022

Business computer software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to accomplish unauthorized steps in influenced servers.

Tracked as CVE-2021-44757, the shortcoming fears an instance of authentication bypass that “may perhaps permit an attacker to examine unauthorized facts or compose an arbitrary zip file on the server,” the organization pointed out in an advisory.

Osword from SGLAB of Legendsec at Qi’anxin Group has been credited with getting and reporting the vulnerability. The Indian business reported it remediated the issue in construct version 10.1.2137.9.

✔ Approved Seller From Our Partners
Malwarebytes Premium 2022

Protect yourself against all threads using Malwarebytes. Get Malwarebytes Premium with 60% discount from a Malwarebytes official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Automatic GitHub Backups

With the most recent fix, Zoho has dealt with a whole of 4 vulnerabilities over the previous 5 months —

  • CVE-2021-40539 (CVSS score: 9.8) – Authentication bypass vulnerability impacting Zoho ManageEngine ADSelfService Additionally
  • CVE-2021-44077 (CVSS score: 9.8) – Unauthenticated remote code execution vulnerability impacting Zoho ManageEngine ServiceDesk As well as, ServiceDesk Moreover MSP, and SupportCenter Furthermore, and
  • CVE-2021-44515 (CVSS score: 9.8) – Authentication bypass vulnerability affecting Zoho ManageEngine Desktop Central

In light-weight of the truth all the a few aforementioned flaws have been exploited by destructive actors, it really is proposed that end users apply the updates as shortly as probable to mitigate any possible threats.

Observed this report intriguing? Abide by THN on Facebook, Twitter  and LinkedIn to go through more distinctive material we write-up.


Some components of this report are sourced from:
thehackernews.com

Previous Post: «Cyber Security News EHR Vendor Faces Legal Action Over Data Breach
Next Post: Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors earth lusca hackers aimed at high value targets in government and»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers
  • Dev Sabotages Popular NPM Package to Protest Russian Invasion
  • Phishers Using Ukraine Invasion to Solicit Cryptocurrency
  • Hackers spotted using CAPTCHAs to dodge email security scanners
  • FBI Launches Virtual Assets Unit
  • The Total Economic Impact™ of IBM Security MaaS360 with Watson
  • Unified endpoint management solutions 2021-22
  • Misconfigured Firebase Databases Exposing Data in Mobile Apps
  • Six myths of SIEM
  • US Passes “Game-Changing” Cyber Incident Reporting Legislation

Copyright © TheCyberSecurity.News, All Rights Reserved.