CVE-2024-38869

CWE-863Incorrect AuthorizationCWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 83.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Manageengine Endpoint CentralZohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus MSP+1 more
Timeline
PublishedAug 23

Description

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages4 packages

CVEListV5manageengine/endpoint_central< 11.3.2416.04+1

🔴Vulnerability Details

2
CVEList
Incorrect Authorization2024-08-23
GHSA
GHSA-5c96-24qg-f876: An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus2024-08-23
CVE-2024-38869 (MEDIUM CVSS 5.4) | Zohocorp ManageEngine Endpoint Cent | cvebase.io