This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2020-10189
Vendor: Zoho
Product: ManageEngine
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-8394
Vendor: Zoho
Product: ManageEngine
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-29583
Vendor: Zyxel
Product: Multiple Products
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.
Required Action:
Apply updates per vendor instructions.
CWEs: