CVE-2021-44757

CRITICAL

Zoho ManageEngine Desktop Central <10.1.2137.9 - Auth Bypass

Title source: llm

Description

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022

Scores

CVSS v3 9.1

EPSS 0.4122

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Status published

Products (2)

zohocorp/manageengine_desktop_central < 10.1.2137.9

zohocorp/manageengine_desktop_central_managed_service_providers < 10.1.2137.9

Published Jan 18, 2022

Tracked Since Feb 18, 2026