{"id":6438,"date":"2021-12-06T16:41:57","date_gmt":"2021-12-06T07:41:57","guid":{"rendered":"https:\/\/www.manageengine.jp\/support\/kb\/Desktop_Central\/?p=6438"},"modified":"2022-02-09T10:09:32","modified_gmt":"2022-02-09T01:09:32","slug":"%e3%80%90%e6%97%a2%e7%9f%a5%e3%81%ae%e4%b8%8d%e5%85%b7%e5%90%88%e3%80%91desktop-central%e3%81%ae%e8%84%86%e5%bc%b1%e6%80%a7cve-2021-44515%e3%81%ab%e3%81%a4%e3%81%84%e3%81%a6","status":"publish","type":"post","link":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/?p=6438","title":{"rendered":"\u3010\u6700\u65b0\u30d3\u30eb\u30c9\u3067\u4fee\u6b63\u6e08\u307f\u3011Desktop Central\u306e\u8106\u5f31\u6027(CVE-2021-44515)\u306b\u3064\u3044\u3066"},"content":{"rendered":"<h4>\u3010\u65e2\u77e5\u306e\u4e0d\u5177\u5408\u3011Desktop Central\u306e\u8106\u5f31\u6027(CVE-2021-44515)\u306b\u3064\u3044\u3066<\/h4>\n<h5>\u3010\u5bfe\u8c61\u30d3\u30eb\u30c9\u3011<\/h5>\n<ul>\n<li>Desktop Central Enterprise Edition <b>10.1.2127.17\u4ee5\u524d<\/b>\u306e\u30d3\u30eb\u30c9 (<b>10.0.643<\/b> \u304a\u3088\u3073 <b>10.0.644 \u3092\u9664\u304f<\/b>)<\/li>\n<li>Desktop Central Enterprise Edition <b>10.1.2128.0<\/b> \u304b\u3089 <b>10.1.2137.2 \u306e\u30d3\u30eb\u30c9<\/b><\/li>\n<\/ul>\n<p>\u203b \u8106\u5f31\u6027\u767a\u898b\u6642\u306e\u65e5\u672c\u56fd\u5185\u3067\u306e\u6700\u65b0\u30d3\u30eb\u30c9\u304c 10.0.642 \u306e\u305f\u3081\u3001\u65e5\u672c\u56fd\u5185\u3067\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u3066\u3044\u308b 10.0.642\u4ee5\u524d\u306e\u3059\u3079\u3066\u306e\u30d3\u30eb\u30c9 \u304c\u5bfe\u8c61\u3068\u306a\u308a\u307e\u3059\u3002(\u53c2\u8003:<a href=\"https:\/\/www.manageengine.jp\/support\/kb\/Desktop_Central\/?p=834\">\u65e5\u672c\u3067\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u30d3\u30eb\u30c9\u4e00\u89a7<\/a>)<br \/>\n\u203b \u30d3\u30eb\u30c9\u756a\u53f7\u306e\u6570\u3048\u65b9\u304c10.1\u304b\u3089\u5909\u66f4\u3068\u306a\u308a\u307e\u3059\u3002\u8a73\u3057\u304f\u306f<a href=\"https:\/\/www.manageengine.jp\/support\/kb\/Desktop_Central\/?p=31\">\u30d3\u30eb\u30c9\u756a\u53f7\u306e\u78ba\u8a8d\u65b9\u6cd5<\/a>\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<br \/>\n\u203b \u30af\u30e9\u30a6\u30c9\u7248(Desktop Central Cloud)\u3078\u306e\u5f71\u97ff\u306f\u3042\u308a\u307e\u305b\u3093\u3002<br \/>\n\u203b ServiceDesk Plus 11.3 \u4ee5\u4e0a\u3092\u3054\u5229\u7528\u306e\u5834\u5408\u306f<a href=\"#IntegratedSDP\">\u3053\u3061\u3089<\/a>\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>&nbsp;<\/p>\n<h5>\u3010\u554f\u984c\u3011<\/h5>\n<p>\u4e0a\u8a18\u5bfe\u8c61\u30d3\u30eb\u30c9\u306eDesktop Central\u306b\u306f\u3001\u8a8d\u8a3c\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027\u304c\u5b58\u5728\u3057\u3001Desktop Central\u4efb\u610f\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u88ab\u5bb3\u3092\u53d7\u3051\u308b\u6050\u308c\u304c\u3042\u308a\u307e\u3059\u3002 (CVE-2021-44515)\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44515\">https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44515<\/a> (CVE,\u82f1\u8a9e)<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44515\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44515<\/a> (NVD,\u82f1\u8a9e)<\/li>\n<li><a href=\"https:\/\/www.manageengine.com\/products\/desktop-central\/cve-2021-44515-authentication-bypass-filter-configuration.html\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.manageengine.com\/products\/desktop-central\/cve-2021-44515-authentication-bypass-filter-configuration.html<\/a>(Zoho Corporation,\u82f1\u8a9e)<\/li>\n<li><a href=\"https:\/\/pitstop.manageengine.com\/portal\/en\/community\/topic\/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/pitstop.manageengine.com\/portal\/en\/community\/topic\/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp<\/a>(Zoho Corporation,\u82f1\u8a9e)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<hr>\n<h5>\u3010\u8a73\u7d30\u3011<\/h5>\n<p>Desktop Central\u306b\u304a\u3044\u3066\u3001\u8a8d\u8a3c\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027\u304c\u7279\u6027\u3055\u308c\u307e\u3057\u305f\u3002\u3053\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3055\u308c\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u5074\u306b\u304a\u3044\u3066\u4efb\u610f\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u88ab\u5bb3\u3092\u53d7\u3051\u308b\u304a\u305d\u308c\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p>\u4fb5\u5bb3\u3092\u53d7\u3051\u3066\u3044\u306a\u3044\u304b\u78ba\u8a8d\u3059\u308b\u7c21\u5358\u306a\u30c4\u30fc\u30eb\uff08\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u691c\u77e5\u30c4\u30fc\u30eb\uff09\u3092\u4f5c\u6210\u3044\u305f\u3057\u307e\u3057\u305f\u3002\u4f7f\u7528\u65b9\u6cd5\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3059\u3002<\/p>\n<ol>\n<li>Desktop Central\u30b5\u30fc\u30d0\u30fc\u3067\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u691c\u77e5\u30c4\u30fc\u30eb\u3092<a href=\"https:\/\/downloads.zohocorp.com\/dnd\/Desktop_Central\/1DpksSVnkwSJn9z\/detector.zip\" target=\"_blank\" rel=\"noopener\">\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9<\/a>\u3057\u307e\u3059\u3002<\/li>\n<li>\u30d5\u30a1\u30a4\u30eb\u3092\u89e3\u51cd\u3057\u3001Desktop Central\u30b5\u30fc\u30d0\u30fc\u30d5\u30a9\u30eb\u30c0\u30fc\\bin \u5185\u306b\u914d\u7f6e\u3057\u307e\u3059\u3002<br \/>\n  (\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30d1\u30b9\u306f \\ManageEngine\\UEMS_CentralServer\\bin folder \u307e\u305f\u306f \\ManageEngine\\DesktopCentral_Server\\bin \uff09<\/li>\n<li>\u30b3\u30de\u30f3\u30c9\u30d7\u30ed\u30f3\u30d7\u30c8\u3092\u958b\u304d\u3001\u5148\u307b\u3069\u306e\u30d5\u30a9\u30eb\u30c0\u30fc\u306b\u79fb\u52d5\u3057\u307e\u3059\u3002\n<li>RECScan.exe\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002\n<li>\"NOT COMPRPMISED\" \u3068\u8868\u793a\u3055\u308c\u308c\u3070\u554f\u984c\u3042\u308a\u307e\u305b\u3093\u3002\u306a\u304a\u3001\u4fb5\u5bb3\u6307\u6a19\u30a4\u30f3\u30c7\u30a3\u30b1\u30fc\u30bf\u30fc(Indicators of Compromise, IOC)\u3068\u3057\u3066\u3001\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u5831\u544a\u3055\u308c\u3066\u304a\u308a\u307e\u3059\u3002\n<ul>\n<li> &lt;Desktop Central\u30b5\u30fc\u30d0\u30fc\u30d5\u30a9\u30eb\u30c0\u30fc&gt;\\lib \u5185\u306e aaa.zip ( md5 - 9809bdf6e9981fbc3ad515b731124342 ) <\/li>\n<li> &lt;Desktop Central\u30b5\u30fc\u30d0\u30fc\u30d5\u30a9\u30eb\u30c0\u30fc&gt;\\webapps\\DesktopCentral\\html \u5185\u306e help_me.jsp <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<div class=\"point\">\n\u5916\u90e8\u304b\u3089\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u3044\u74b0\u5883\u3067Desktop Central\u3092\u3054\u4f7f\u7528\u306e\u5834\u5408\u3001\u672c\u8106\u5f31\u6027\u306b\u3088\u308b\u653b\u6483\u3092\u53d7\u3051\u308b\u53ef\u80fd\u6027\u306f\u4f4e\u3044\u3068\u8003\u3048\u3089\u308c\u307e\u3059\u3002\u3057\u304b\u3057\u306a\u304c\u3089\u3001<b>\u53ef\u80fd\u306a\u9650\u308a\u65e9\u6025\u306a\u5bfe\u5fdc\u3092\u304a\u3059\u3059\u3081\u3044\u305f\u3057\u307e\u3059<\/b>\u3002\n<\/div>\n<hr>\n<h5>\u5bfe\u51e6\u65b9\u6cd5<\/h5>\n<h6>\u5fc5\u9808\u306e\u5bfe\u5fdc<\/h6>\n<p>\u65e5\u672c\u56fd\u5185\u5411\u3051\u6700\u65b0\u30d3\u30eb\u30c9\u3067\u4fee\u6b63\u6e08\u307f\u3067\u3059\u3002\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u3057\u3066\u5bfe\u5fdc\u3057\u307e\u3059\u3002<\/p>\n<p><span style=\"color:red;\">\u65b0\u30d3\u30eb\u30c9\u30ea\u30ea\u30fc\u30b9\u306b\u4f34\u3044\u3001\u8a18\u8ff0\u3092\u5909\u66f4\u3057\u307e\u3057\u305f<\/span><br \/>\n<del datetime=\"2021-12-17T05:01:58+00:00\">Desktop Central 10.0.644 Desktop Central 10.0.644 \u3078\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u3057\u307e\u3059\u3002<\/del><\/p>\n<ul>\n<li><del datetime=\"2021-12-17T05:01:58+00:00\"><a href=\"https:\/\/www.manageengine.jp\/support\/kb\/Desktop_Central\/?p=6447\">Desktop Central 10.0.643\u30ea\u30ea\u30fc\u30b9\u30ce\u30fc\u30c8<\/a><\/del><\/li>\n<li><del datetime=\"2021-12-17T05:01:58+00:00\"><a href=\"https:\/\/www.manageengine.jp\/support\/kb\/Desktop_Central\/?p=6445\">Desktop Central 10.0.643\u3078\u306e\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u624b\u9806<\/a><\/del><\/li>\n<li><del datetime=\"2022-02-09T01:05:06+00:00\"><a href=\"https:\/\/www.manageengine.jp\/support\/kb\/Desktop_Central\/?p=6470\">Desktop Central 10.0.644\u30ea\u30ea\u30fc\u30b9\u30ce\u30fc\u30c8<\/a><\/del><\/li>\n<li><del datetime=\"2022-02-09T01:05:06+00:00\"><a href=\"https:\/\/www.manageengine.jp\/support\/kb\/Desktop_Central\/?p=6469\">Desktop Central 10.0.644\u3078\u306e\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u624b\u9806<\/a><\/del><\/li>\n<\/ul>\n<h6>\u4fb5\u5bb3\u3092\u53d7\u3051\u305f\u5834\u5408\u306e\u5bfe\u5fdc<\/h6>\n<ol>\n<li>\u4fb5\u5bb3\u3092\u53d7\u3051\u305f\u30b7\u30b9\u30c6\u30e0\u3092\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u304b\u3089\u9694\u96e2\u3057\u307e\u3059\u3002<\/li>\n<li>Desktop Central\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306e<a href=\"https:\/\/www.manageengine.jp\/support\/kb\/Desktop_Central\/?p=860\">\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u53d6\u5f97<\/a>\u3057\u3001\u5916\u90e8\u306b\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/li>\n<li>\u305d\u306e\u4ed6\u306e\u5fc5\u8981\u306a\u30c7\u30fc\u30bf\u306e\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u53d6\u5f97\u3057\u3001\u5916\u90e8\u306b\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/li>\n<li>\u4fb5\u5bb3\u3092\u53d7\u3051\u305f\u30b7\u30b9\u30c6\u30e0\u3092\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3057\u307e\u3059\u3002<\/li>\n<li>Desktop Central\u3092\uff08\u53ef\u80fd\u306a\u3089\u5225\u306e\u30b7\u30b9\u30c6\u30e0\u306b\uff09\u518d\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3001\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u53d6\u5f97\u3057\u305f\u30d3\u30eb\u30c9\u3068\u540c\u3058\u30d3\u30eb\u30c9\u306eDesktop Central\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/li>\n<li>\u53d6\u5f97\u3057\u305f<a href=\"https:\/\/www.manageengine.jp\/support\/kb\/Desktop_Central\/?p=860\">\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u30ea\u30b9\u30c8\u30a2<\/a>\u3057\u307e\u3059\u3002<\/li>\n<li>\u6700\u65b0\u30d3\u30eb\u30c9\u306b\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u3057\u307e\u3059\u3002<\/li>\n<li>\u4ee5\u4e0b\u306e\u5bfe\u5fdc\u3092\u304a\u3059\u3059\u3081\u3057\u307e\u3059\u3002\n<ul>\n<li>\u3059\u3079\u3066\u306e\u30b5\u30fc\u30d3\u30b9\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u3001Active Directory\u306a\u3069\u3001\u4fb5\u5bb3\u3092\u53d7\u3051\u305f\u30b7\u30b9\u30c6\u30e0\u304b\u3089\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u306a\u3059\u3079\u3066\u306e\u30b5\u30fc\u30d3\u30b9\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u30ea\u30bb\u30c3\u30c8\u3057\u307e\u3059\u3002<\/li>\n<li>Active Directory\u7ba1\u7406\u8005\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u30ea\u30bb\u30c3\u30c8\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<hr>\n<h5 id=\"integratedSDP\">ServiceDesk Plus 11.3\u4ee5\u4e0a\u3092\u3054\u5229\u7528\u306e\u5834\u5408<\/h5>\n<p>ServiceDesk Plus 11.3\u4ee5\u4e0a\u3092\u3054\u5229\u7528\u306e\u5834\u5408\u3001\u8cc7\u7523\u7ba1\u7406\u306e\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u30b9\u30ad\u30e3\u30f3\u306b\u304a\u3044\u3066Desktop Central\u304c\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002<br \/>\n\u203b ServiceDesk Plus 11.2\u4ee5\u524d\u3092\u3054\u5229\u7528\u306e\u5834\u5408\u3001Desktop Central\u306f\u4f7f\u7528\u3055\u308c\u3066\u304a\u308a\u307e\u305b\u3093\u3002<br \/>\nServiceDesk Plus 11.3\u4ee5\u4e0a\u306e\u74b0\u5883\u3067\u4f7f\u7528\u3055\u308c\u308bDesktop Central\u306f\u30d3\u30eb\u30c910.1\u4ee5\u964d\u306e\u305f\u3081\u3001\u65e5\u672c\u56fd\u5185\u5411\u3051\u6700\u65b0\u7248\u306e Desktop Central (Desktop Central 10.1.2137.11 \u4ee5\u964d)\u3078\u306e\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u3092\u304a\u9858\u3044\u3044\u305f\u3057\u307e\u3059\u3002<br \/>\n<del datetime=\"2022-02-09T01:05:06+00:00\">\u65e5\u672c\u56fd\u5185\u3067\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u3066\u3044\u308b\u4fee\u6b63\u30d3\u30eb\u30c9\u3078\u306e\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u306f\u3067\u304d\u307e\u305b\u3093\u3002<br \/>\n<a href=\"https:\/\/pitstop.manageengine.com\/portal\/en\/community\/topic\/security-advisory-for-cve-2021-44526-and-cve-2021-44515-authentication-bypass-vulnerabilities-in-assetexplorer-and-desktop-central\" target=\"_blank\" rel=\"noopener noreferrer\">\u3053\u3061\u3089<\/a>\u3092\u3054\u89a7\u3044\u305f\u3060\u304d\u3001\u30b0\u30ed\u30fc\u30d0\u30eb\u3067\u306e\u6700\u65b0\u30d3\u30eb\u30c9 10.1.2127.18 \u307e\u305f\u306f 10.1.2137.3 \u3078\u306e\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u3092\u304a\u9858\u3044\u3044\u305f\u3057\u307e\u3059\u3002<\/del><br \/>\n&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u3010\u65e2\u77e5\u306e\u4e0d\u5177\u5408\u3011Desktop Central\u306e\u8106\u5f31\u6027(CVE-2021-44515)\u306b\u3064\u3044\u3066 \u3010\u5bfe\u8c61\u30d3\u30eb\u30c9\u3011 Desktop Central Ent\u2026 <a href=\"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/?p=6438\" class=\"more\">\uff3b\u7d9a\u304d\u3092\u8aad\u3080\uff3d<\/a><\/p>\n","protected":false},"author":72,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[436,6],"tags":[1047,433,815,466],"class_list":["post-6438","post","type-post","status-publish","format-standard","hentry","category-08security","category-09known-issue","tag-cve-2021-44515","tag-433","tag-815","tag-466"],"modified_by":"seiji","_links":{"self":[{"href":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/index.php?rest_route=\/wp\/v2\/posts\/6438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/index.php?rest_route=\/wp\/v2\/users\/72"}],"replies":[{"embeddable":true,"href":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6438"}],"version-history":[{"count":13,"href":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/index.php?rest_route=\/wp\/v2\/posts\/6438\/revisions"}],"predecessor-version":[{"id":6673,"href":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/index.php?rest_route=\/wp\/v2\/posts\/6438\/revisions\/6673"}],"wp:attachment":[{"href":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.manageengine.jp\/support\/kb\/Endpoint_Central\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}