CVE-2021-46164
https://notcve.org/view.php?id=CVE-2021-46164
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. Zoho ManageEngine Desktop Central versiones anteriores a 10.0.662, permite una ejecución de código remota por parte de un usuario autenticado que tenga acceso completo al módulo de Informes • https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.html •
CVE-2021-46165
https://notcve.org/view.php?id=CVE-2021-46165
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. Zoho ManageEngine Desktop Central versiones anteriores a 10.0.662, durante el inicio, lanza un archivo ejecutable desde los archivos por lotes, pero la ruta de este archivo podría no estar correctamente definida • https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.html •
CVE-2021-46166
https://notcve.org/view.php?id=CVE-2021-46166
Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. Zoho ManageEngine Desktop Central versiones anteriores a 10.0.662, permite a usuarios autenticados conseguir información confidencial de la base de datos al visitar la página de Informes • https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-44515 – Zoho Desktop Central Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. • https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html •
CVE-2021-37414
https://notcve.org/view.php?id=CVE-2021-37414
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. Zoho ManageEngine DesktopCentral antes de la versión 10.0.709 permite a cualquiera obtener la APIKEY de un usuario válido sin necesidad de autenticación • https://www.manageengine.com/products/desktop-central/help/introduction/release_notes.html https://www.manageengine.com/products/desktop-central/improper-access-control.html • CWE-287: Improper Authentication •