CVE-2024-38869

Published: Aug 23, 2024Modified: Aug 30, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

Affected (6)

Products: Zohocorp: Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus

Zohocorp

3 products

Manageengine Servicedesk Plus

Manageengine Servicedesk Plus Msp

Manageengine Supportcenter Plus

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus	Up to 14.7
Zohocorp Manageengine Servicedesk Plus	Version 14.8 14810
Zohocorp Manageengine Servicedesk Plus Msp	Up to 14.7
Zohocorp Manageengine Servicedesk Plus Msp	Version 14.8 14800
Zohocorp Manageengine Supportcenter Plus	Up to 14.7
Zohocorp Manageengine Supportcenter Plus	Version 14.8 14800

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://www.manageengine.com/products/desktop-central/security-updates-config-access.html

Source: 0fc0942c-577d-436f-ae8e-945763c79b02

Timeline

No history available yet.