Lucene search

ManageEngineVULNRICHMENT:CVE-2024-38869

HistoryAug 23, 2024 - 2:07 p.m.

CVE-2024-38869 Incorrect Authorization

2024-08-2314:07:46

CWE-863

ManageEngine

github.com

cve-2024-38869

stored xss

zohocorp

servicedesk plus

servicedesk plus msp

supportcenter plus

versions

14810

14800

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

71.1%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*"
    ],
    "vendor": "zohocorp",
    "product": "manageengine_endpoint_central",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "11.3.2416.04",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "11.3.2400.25",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.manageengine.com/products/desktop-central/security-updates-config-access.html

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

71.1%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-38869