ManageEngine Desktop Central Remote Security Bypass (Intrusive Check)
Severity: Critical
Nessus Plugin ID: 82080
Synopsis: The remote web server contains a Java web application that is affected by a security bypass vulnerability.

Description: The version of ManageEngine Desktop Central running on the remote host is affected by a remote security bypass vulnerability, due to a failure to restrict access to 'DCPluginServelet'. This allows an unauthenticated, remote attacker to create an account with full administrative privileges within DesktopCentral and then perform any tasks DesktopCentral administrative users could perform, including the execution of code and commands on systems managed by DesktopCentral.

Solution: Upgrade to ManageEngine Desktop Central 9 build 90109 or later.