Lucene search

0fc0942c-577d-436f-ae8e-945763c79b02NVD:CVE-2024-38869

HistoryAug 23, 2024 - 3:15 p.m.

CVE-2024-38869

2024-08-2315:15:15

CWE-863

CWE-79

0fc0942c-577d-436f-ae8e-945763c79b02

web.nvd.nist.gov

cve

cross-site scripting

zohocorp

manageengine

servicedesk plus

servicedesk plus msp

supportcenter plus

vulnerability

security

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

71.1%

JSON

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

Affected configurations

Nvd

Node

zohocorpmanageengine_servicedesk_plusRange≤14.7

zohocorpmanageengine_servicedesk_plusMatch14.814810

zohocorpmanageengine_servicedesk_plus_mspRange≤14.7

zohocorpmanageengine_servicedesk_plus_mspMatch14.814800

zohocorpmanageengine_supportcenter_plusRange≤14.7

zohocorpmanageengine_supportcenter_plusMatch14.814800

VendorProductVersionCPE
zohocorpmanageengine_servicedesk_plus*cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus14.8cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.8:14810:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus_msp*cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus_msp14.8cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.8:14800:*:*:*:*:*:*
zohocorpmanageengine_supportcenter_plus*cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_supportcenter_plus14.8cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.8:14800:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_servicedesk_plus	*	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus::::::::
zohocorp	manageengine_servicedesk_plus	14.8	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.8:14810::::::
zohocorp	manageengine_servicedesk_plus_msp	*	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp::::::::
zohocorp	manageengine_servicedesk_plus_msp	14.8	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.8:14800::::::
zohocorp	manageengine_supportcenter_plus	*	cpe:2.3:a:zohocorp:manageengine_supportcenter_plus::::::::
zohocorp	manageengine_supportcenter_plus	14.8	cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.8:14800::::::

References

www.manageengine.com/products/desktop-central/security-updates-config-access.html