CVE-2024-9097

CWE-639Insecure Direct Object Reference3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 68.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Manageengine Endpoint CentralZohocorp Manageengine Endpoint Central
Timeline
PublishedFeb 5

Description

ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

CVEListV5manageengine/endpoint_central< 11.3.2440.09
NVDzohocorp/manageengine_endpoint_central11.3.2428.0111.3.2428.26

🔴Vulnerability Details

2
GHSA
GHSA-fq8v-wjfj-2725: ManageEngine Endpoint Central versions before 112025-02-05
CVEList
IDOR2025-02-05
CVE-2024-9097 (MEDIUM CVSS 4.3) | ManageEngine Endpoint Central versi | cvebase.io