Incorrect Authorization Vulnerability Affects Zohocorp's Endpoint Central
CVE-2024-38868

8.3HIGH

Key Information:

Vendor: Manageengine
Status: Endpoint Central
Vendor: CVE Published:; 30 August 2024

Summary

An incorrect authorization vulnerability exists in Zohocorp's ManageEngine Endpoint Central, which compromises the isolation capabilities of devices. This flaw allows unauthorized users to potentially interact with isolated endpoints, posing significant security risks. Affected versions are those prior to 11.3.2406.08 and 11.3.2400.15, emphasizing the importance of timely updates to safeguard against exploitation.

Affected Version(s)

Endpoint Central 0 < 11.3.2406.08

Endpoint Central 0 < 11.3.2400.15

References

https://www.manageengine.com/products/desktop-central/sec...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2024
Vulnerability Reserved
Jun 20, 2024