1. Home
  2. CVE Database
  3. CVE-2021-44757
CRITICAL · 9.1

CVE-2021-44757

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP arch...

Vulnerability Description

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
ZohocorpManageengine Desktop Central< 10.1.2137.9
ZohocorpManageengine Desktop Central Managed Service Providers< 10.1.2137.9

References

FAQ

What is CVE-2021-44757?

CVE-2021-44757 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP arch...

How severe is CVE-2021-44757?

CVE-2021-44757 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-44757?

Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Desktop Central, Zohocorp Manageengine Desktop Central Managed Service Providers.