Manageengine desktop central
This hub aggregates every CVE we track for Manageengine desktop central, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
50
CVEs tracked
21
Critical
17
High
2
In CISA KEV
Severity distribution
CRITICAL21HIGH17MEDIUM12
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Manageengine desktop central.
- CVE-2023-4769Server-Side Request Forgery in ManageEngine Desktop Central6.6
- CVE-2023-4768Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central6.1
- CVE-2023-4767Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central6.1
- CVE-2022-48362Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbit...8.8
- CVE-2022-23779Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.5.3
- CVE-2022-23863Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.6.5
- CVE-2021-44757Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP a...9.1
- CVE-2021-46164Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.8.8
- CVE-2021-46165Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined.7.8
- CVE-2021-46166Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.6.5
- CVE-2021-44515Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127....KEV9.8
- CVE-2021-37414Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.7.5
- CVE-2020-9367The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the compl...7.8
- CVE-2020-28050Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.9.1
- CVE-2019-16962Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.5.4
Product normalization is registry-driven with AI assist and human review. How it works