CVE-2024-38869

HIGH

ManageEngine Endpoint Central < 11.3.2416.04 & < 11.3.2400.25 - Incorrect Authorization

Title source: llm

Description

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

References (1)

Core 1

Core References

Various Sources

https://www.manageengine.com/products/desktop-central/security-updates-config-access.html

Scores

CVSS v3 8.3

EPSS 0.0007

EPSS Percentile 21.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79 CWE-863

Status published

Products (6)

zohocorp/manageengine_servicedesk_plus 14.8 14810

zohocorp/manageengine_servicedesk_plus < 14.7

zohocorp/manageengine_servicedesk_plus_msp 14.8 14800

zohocorp/manageengine_servicedesk_plus_msp < 14.7

zohocorp/manageengine_supportcenter_plus 14.8 14800

zohocorp/manageengine_supportcenter_plus < 14.7

Published Aug 23, 2024

Tracked Since Feb 18, 2026