IDOR Vulnerability in ManageEngine Endpoint Central
CVE-2024-9097

3.5LOW

Key Information:

Vendor: Manageengine
Status: Endpoint Central
Vendor: CVE Published:; 5 February 2025

🔔 Create Manageengine Vulnerability Alert

What is CVE-2024-9097?

ManageEngine Endpoint Central is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability, enabling attackers to manipulate usernames within the chat interface. This flaw arises from insufficient authorization checks, allowing unauthenticated users to gain access and alter sensitive user data. Organizations using versions prior to 11.3.2440.09 are encouraged to apply the latest updates to mitigate potential exploit risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Endpoint Central Windows 0 < 11.3.2440.09

References

https://www.manageengine.com/products/desktop-central/cve...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Sep 23, 2024

Credit

Vishnu Das from Temenos

JSON

Manageengine