CVE-2022-48362

Name of the Vulnerable Software and Affected Versions ManageEngine Desktop Central versions prior to 10.1.2137.2 ManageEngine Endpoint Central MSP versions prior to 10.1.2137.2

Description The issue is related to the AgentLogUploadServlet component in ManageEngine Desktop Central and ManageEngine Endpoint Central MSP, which is associated with incorrect restriction of a directory path name when handling the computerName parameter. This could allow a remote attacker to bypass security restrictions and execute arbitrary code.

Recommendations For ManageEngine Desktop Central versions prior to 10.1.2137.2, update to version 10.1.2137.2 or later. For ManageEngine Endpoint Central MSP versions prior to 10.1.2137.2, update to version 10.1.2137.2 or later. As a temporary workaround, consider restricting access to the AgentLogUploadServlet component until a patch is available. Avoid using the computerName parameter in the affected API endpoint until the issue is resolved.