Lucene search

ManageEngineCVE-2024-38869

HistoryAug 23, 2024 - 3:15 p.m.

CVE-2024-38869

2024-08-2315:15:15

CWE-863

CWE-79

ManageEngine

web.nvd.nist.gov

zohocorp manageengine servicedesk plus

servicedesk plus msp

supportcenter plus

stored xss

version 14810

version 14800

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

6.4

Confidence

High

EPSS

0.003

Percentile

71.1%

JSON

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

Affected configurations

Nvd

Node

zohocorpmanageengine_servicedesk_plusRange≤14.7

zohocorpmanageengine_servicedesk_plusMatch14.814810

zohocorpmanageengine_servicedesk_plus_mspRange≤14.7

zohocorpmanageengine_servicedesk_plus_mspMatch14.814800

zohocorpmanageengine_supportcenter_plusRange≤14.7

zohocorpmanageengine_supportcenter_plusMatch14.814800

VendorProductVersionCPE
zohocorpmanageengine_servicedesk_plus*cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus14.8cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.8:14810:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus_msp*cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus_msp14.8cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.8:14800:*:*:*:*:*:*
zohocorpmanageengine_supportcenter_plus*cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_supportcenter_plus14.8cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.8:14800:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_servicedesk_plus	*	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus::::::::
zohocorp	manageengine_servicedesk_plus	14.8	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.8:14810::::::
zohocorp	manageengine_servicedesk_plus_msp	*	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp::::::::
zohocorp	manageengine_servicedesk_plus_msp	14.8	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.8:14800::::::
zohocorp	manageengine_supportcenter_plus	*	cpe:2.3:a:zohocorp:manageengine_supportcenter_plus::::::::
zohocorp	manageengine_supportcenter_plus	14.8	cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.8:14800::::::

CNA Affected

[
  {
    "collectionURL": "https://www.manageengine.com/?pos=EndpointCentral",
    "defaultStatus": "unaffected",
    "product": "Endpoint Central",
    "vendor": "ManageEngine",
    "versions": [
      {
        "lessThan": "11.3.2416.04",
        "status": "affected",
        "version": "0",
        "versionType": "11.3.2416.04"
      },
      {
        "lessThan": "11.3.2400.25",
        "status": "affected",
        "version": "0",
        "versionType": "11.3.2400.25"
      }
    ]
  }
]

References

www.manageengine.com/products/desktop-central/security-updates-config-access.html

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

6.4

Confidence

High

EPSS

0.003

Percentile

71.1%

JSON

Related for CVE-2024-38869