Skip to main content

Manageengine Desktop Central

34 CVEs product

Monthly

CVE-2023-4769 HIGH This Week

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Desktop Central
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2023-4768 MEDIUM This Month

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zoho Manageengine Desktop Central
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2023-4767 MEDIUM This Month

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zoho Manageengine Desktop Central
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2022-23779 MEDIUM POC THREAT This Month

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.1
5.3
EPSS
15.1%
CVE-2021-44515 CRITICAL POC KEV THREAT Act Now

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Zoho Authentication Bypass Manageengine Desktop Central
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-37414 HIGH This Week

Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Desktop Central
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-24397 HIGH This Week

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE Integer Overflow Manageengine Desktop Central
NVD
CVSS 3.1
7.2
EPSS
27.8%
CVE-2020-15589 HIGH This Week

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zoho RCE Manageengine Desktop Central Manageengine Remote Access Plus
NVD
CVSS 3.1
8.1
EPSS
8.3%
CVE-2020-15588 CRITICAL Act Now

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE Integer Overflow Manageengine Desktop Central
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2020-10859 MEDIUM This Month

Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Path Traversal Manageengine Desktop Central
NVD
CVSS 3.1
6.5
EPSS
4.4%
CVE-2020-8509 HIGH This Week

Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.1
7.5
EPSS
10.4%
CVE-2020-8540 CRITICAL Act Now

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF XXE Manageengine Desktop Central
NVD
CVSS 3.1
9.8
EPSS
12.5%
CVE-2019-12876 HIGH POC This Week

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zoho Manageengine Admanager Plus Manageengine Adselfservice Plus Manageengine Desktop Central
NVD
CVSS 3.0
7.3
EPSS
4.6%
CVE-2019-12133 HIGH This Week

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Analytics Plus Manageengine Browser Security Plus Manageengine Desktop Central +15
NVD GitHub
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-16833 MEDIUM This Month

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Desktop Central
NVD
CVSS 3.0
6.1
EPSS
65.4%
CVE-2018-13412 HIGH This Week

An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-13411 HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-11717 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
8.6%
CVE-2018-11716 CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
14.3%
CVE-2018-12999 HIGH POC This Week

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD GitHub
CVSS 3.0
7.5
EPSS
8.6%
CVE-2018-5342 HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure PostgreSQL Manageengine Desktop Central
NVD
CVSS 3.0
7.2
EPSS
3.8%
CVE-2018-5341 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
8.2%
CVE-2018-5340 HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.0
7.2
EPSS
5.2%
CVE-2018-5339 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2018-5338 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
9.0%
CVE-2018-5337 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Path Traversal Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
9.5%
CVE-2018-8722 MEDIUM This Month

Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Desktop Central
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2015-2560 CRITICAL POC THREAT Emergency

Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.4%.

Privilege Escalation Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
20.4%
Threat
4.1
CVE-2017-11346 CRITICAL POC PATCH THREAT Act Now

Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%.

RCE Zoho Manageengine Desktop Central
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
25.0%
Threat
4.2
CVE-2017-7213 CRITICAL PATCH Act Now

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.4%.

Information Disclosure Zoho Manageengine Desktop Central
NVD
CVSS 3.0
10.0
EPSS
10.4%
CVE-2014-9331 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Zoho CSRF Manageengine Desktop Central
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.0%
CVE-2014-9371 CRITICAL Act Now

The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Zoho RCE Manageengine Desktop Central
NVD
CVSS 2.0
10.0
EPSS
10.2%
CVE-2014-5006 HIGH POC THREAT Act Now

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 55.9%.

Path Traversal RCE Zoho Manageengine Desktop Central
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
55.9%
Threat
4.7
CVE-2014-5005 HIGH POC THREAT Act Now

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.8%.

Path Traversal RCE Zoho Manageengine Desktop Central
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
85.8%
Threat
5.6
EPSS 3% CVSS 8.8
HIGH This Week

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Desktop Central
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zoho Manageengine Desktop Central
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zoho Manageengine Desktop Central
NVD
EPSS 15% CVSS 5.3
MEDIUM POC THREAT This Month

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Zoho Authentication Bypass +1
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Desktop Central
NVD
EPSS 28% CVSS 7.2
HIGH This Week

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE +2
NVD
EPSS 8% CVSS 8.1
HIGH This Week

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zoho RCE Manageengine Desktop Central +1
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE +2
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Path Traversal Manageengine Desktop Central
NVD
EPSS 10% CVSS 7.5
HIGH This Week

Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Information Disclosure +1
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF XXE +1
NVD
EPSS 5% CVSS 7.3
HIGH POC This Week

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zoho Manageengine Admanager Plus +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Analytics Plus +17
NVD GitHub
EPSS 65% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Desktop Central
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Zoho Information Disclosure +1
NVD
EPSS 14% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
EPSS 9% CVSS 7.5
HIGH POC This Week

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD GitHub
EPSS 4% CVSS 7.2
HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure PostgreSQL +1
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
EPSS 5% CVSS 7.2
HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Desktop Central
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Desktop Central
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Path Traversal Manageengine Desktop Central
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Desktop Central
NVD
EPSS 20% 4.1 CVSS 9.8
CRITICAL POC THREAT Emergency

Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.4%.

Privilege Escalation Manageengine Desktop Central
NVD
EPSS 25% 4.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%.

RCE Zoho Manageengine Desktop Central
NVD Exploit-DB
EPSS 10% CVSS 10.0
CRITICAL PATCH Act Now

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.4%.

Information Disclosure Zoho Manageengine Desktop Central
NVD
EPSS 2% CVSS 6.8
MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Zoho CSRF Manageengine Desktop Central
NVD Exploit-DB
EPSS 10% CVSS 10.0
CRITICAL Act Now

The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Zoho RCE Manageengine Desktop Central
NVD
EPSS 56% 4.7 CVSS 7.5
HIGH POC THREAT Act Now

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 55.9%.

Path Traversal RCE Zoho +1
NVD Exploit-DB
EPSS 86% 5.6 CVSS 7.5
HIGH POC THREAT Act Now

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.8%.

Path Traversal RCE Zoho +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy