ePO Vulnerability Allows Least Privileged User to Escalate Privileges
CVE-2024-4843
4.3MEDIUM
What is CVE-2024-4843?
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege.
Affected Version(s)
ePolicy Orchestrator Windows versions previous to ePO 5.10 Service Pack 1 Update 2