Description

Zoho ManageEngine Desktop Central before 10.0.474 have a java deserialization vulnerability. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system.

Remediation

Upgrade to the latest version of ManageEngine Desktop Central

References

ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability

Related Vulnerabilities

WordPress Plugin AccessAlly PHP Code Execution (3.3.1)

Apache Solr SSRF CVE-2017-3164

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress PHP Code Injection (3.6.10)

WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)

Oracle Business Intelligence ReportTemplateService XXE (CVE-2021-2400)

Severity

High

Classification

CVE-2020-10189 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Acumonitor Code Execution