First published: Tue Sep 21 2021(Updated: )
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ManageEngine Desktop Central | <10.0.683 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-28960 is critical, with a CVSS score of 9.8.
CVE-2021-28960 allows unauthenticated command injection in Zoho ManageEngine Desktop Central before build 10.0.683.
To fix the CVE-2021-28960 vulnerability, update Zoho ManageEngine Desktop Central to build 10.0.683 or later.
The Common Weakness Enumeration (CWE) ID for CVE-2021-28960 is CWE-77.
More information about CVE-2021-28960 can be found on the Zoho ManageEngine website.