Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.

CVE-2020-10189

A few versions of Desktop Central include a remote code execution (RCE) vulnerability originally reported by Steven Seeley from Source Incite. This document will shed light on how to identify if the vulnerability is present in your network, and the steps to follow after identifying the vulnerability.

please follow the instructions here:
https://www.manageengine.com/products/desktop-central/rce-vulnerability-cve-2020-10189.html

A few versions of Desktop Central include a remote code execution (RCE) vulnerability originally reported by Steven Seeley from Source Incite. This document will shed light on how to identify if the vulnerability is present in your network, and the steps to follow after identifying the vulnerability.
please follow the instructions here:
<a href="https://www.manageengine.com/products/desktop-central/rce-vulnerability-cve-2020-10189.html">https://www.manageengine.com/products/desktop-central/rce-vulnerability-cve-2020-10189.html</a>

Identification and mitigation of remote code execution vulnerability CVE-2020-10189

Upgrade to the latest build - 10.0.479.

Upgrade to the latest build

Featured CVEs

Feed of the featured CVEs from Vulcan Remedy Cloud.

Vulcan Remedy Cloud - Featured CVEs

Thank you for downloading from Remedy Cloud!

Please fill out the form to download the CSV

Your Script is On It's Way!

Tell us where to send the script

Your Email Was Successfully Sent!

Email

Your Name

Your fix has been sent successfully!

Suggest a Fix

Search for a CVE below to see all the available fixes

Remedy Cloud

Loading - Vulcan Remedy Cloud

The page you are looking for was moved, removed, renamed or might never existed.

CVE-2020-10189

2 fixes found:

Workaround

Identification and mitigation of remote code execution vulnerability CVE-2020-10189

Version Update

Upgrade to the latest build