Tomasz Kuczyåski

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Desktop Central versions prior to 10.0.647 **Description** The issue allows a single authentication secret from multiple agents to communicate with the server. **Recommendations** For versions prior to 10.0.647, update to build 10.0.647 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Desktop Central versions 10.0.552.W and earlier Zoho ManageEngine Remote Access Plus versions prior to 10.1.2119.1 **Description** A design issue in the client side of the software allows an attacker-controlled server to force the client to skip TLS certificate validation. This can lead to a man-in-the-middle attack against HTTPS and potentially result in unauthenticated remote code execution. **Recommendations** For Zoho ManageEngine Desktop Central version 10.0.552.W, update to a version later than 10.0.552.W. For Zoho ManageEngine Remote Access Plus versions prior to 10.1.2119.1, update to version 10.1.2119.1 or later.