CVE-2021-28960

Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.
Configurations

Configuration 1 (hide)

cpe:2.3:a:manageengine:desktop_central:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:00

Type Values Removed Values Added
References () https://www.manageengine.com - Vendor Advisory () https://www.manageengine.com - Vendor Advisory
References () https://www.manageengine.com/products/desktop-central/unauthenticated-command-injection-vulnerability.html - Vendor Advisory () https://www.manageengine.com/products/desktop-central/unauthenticated-command-injection-vulnerability.html - Vendor Advisory

Information

Published : 2021-09-21 13:15

Updated : 2024-11-21 06:00


NVD link : CVE-2021-28960

Mitre link : CVE-2021-28960

CVE.ORG link : CVE-2021-28960


JSON object : View

Products Affected

manageengine

  • desktop_central
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')