CVE-2024-38869
EUVD-2024-3765323.08.2024, 15:15
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 𝑥 ≤ 14.7 |
| zohocorp | manageengine_servicedesk_plus | 14.8:14810 |
| zohocorp | manageengine_servicedesk_plus_msp | 𝑥 ≤ 14.7 |
| zohocorp | manageengine_servicedesk_plus_msp | 14.8:14800 |
| zohocorp | manageengine_supportcenter_plus | 𝑥 ≤ 14.7 |
| zohocorp | manageengine_supportcenter_plus | 14.8:14800 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| zohocorp | manageengine_endpoint_central | 𝑥 < 11.3.2416.04 | ADP |
| zohocorp | manageengine_endpoint_central | 𝑥 < 11.3.2400.25 | ADP |
Common Weakness Enumeration
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.