CVE-2024-38868

Published: Aug 30, 2024Modified: Sep 4, 2024

8.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Exploitability: 2.8 / Impact: 5.5

Source: NVD

Description

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15

Affected (2)

Products: Zohocorp: Manageengine Endpoint Central

Zohocorp

1 product

Manageengine Endpoint Central

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Endpoint Central	Before 11.3.2400.15
Zohocorp Manageengine Endpoint Central	From 11.3.2401.05 to 11.3.2406.08

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://www.manageengine.com/products/desktop-central/security-updates-ngav.html

Source: 0fc0942c-577d-436f-ae8e-945763c79b02

Vendor Advisory

Timeline

No history available yet.