IDOR Vulnerability in ManageEngine Endpoint Central
CVE-2024-9097

3.5LOW

Key Information:

Vendor: Manageengine
Status: Endpoint Central
Vendor: CVE Published:; 5 February 2025

Summary

ManageEngine Endpoint Central is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability, enabling attackers to manipulate usernames within the chat interface. This flaw arises from insufficient authorization checks, allowing unauthenticated users to gain access and alter sensitive user data. Organizations using versions prior to 11.3.2440.09 are encouraged to apply the latest updates to mitigate potential exploit risks.

Affected Version(s)

Endpoint Central Windows 0 < 11.3.2440.09

References

https://www.manageengine.com/products/desktop-central/cve...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Sep 23, 2024

Credit

Vishnu Das from Temenos