CVE-2024-38869
23.08.2024, 15:15
Zohocorp ManageEngine Endpoint Central affected byIncorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.
| Vendor | Product | Version |
|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 𝑥 ≤ 14.7 |
| zohocorp | manageengine_servicedesk_plus | 14.8:14810 |
| zohocorp | manageengine_servicedesk_plus_msp | 𝑥 ≤ 14.7 |
| zohocorp | manageengine_servicedesk_plus_msp | 14.8:14800 |
| zohocorp | manageengine_supportcenter_plus | 𝑥 ≤ 14.7 |
| zohocorp | manageengine_supportcenter_plus | 14.8:14800 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.