Search
Find a vulnerability
Search criteria
8 vulnerabilities found for EndPoint Central by ManageEngine
CVE-2024-9097 (GCVE-0-2024-9097)
Vulnerability from nvd – Published: 2025-02-05 12:40 – Updated: 2025-02-12 20:51
VLAI
Title
IDOR
Summary
ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ManageEngine | Endpoint Central |
Affected:
0 , < 11.3.2440.09
(11.3.2440.09)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T13:56:34.454181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:30.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/desktop-central/",
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Endpoint Central",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "11.3.2440.09",
"status": "affected",
"version": "0",
"versionType": "11.3.2440.09"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vishnu Das from Temenos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ManageEngine Endpoint Central versions before\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ManageEngine Endpoint Central versions before\u00a011.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T12:40:15.257Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/desktop-central/cve-2024-9097.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "IDOR",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-9097",
"datePublished": "2025-02-05T12:40:15.257Z",
"dateReserved": "2024-09-23T04:18:05.868Z",
"dateUpdated": "2025-02-12T20:51:30.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10203 (GCVE-0-2024-10203)
Vulnerability from nvd – Published: 2024-11-07 09:20 – Updated: 2024-11-07 14:27
VLAI
Title
Agent Arbitrary File Deletion
Summary
Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ManageEngine | EndPoint Central |
Affected:
0 , < 11.3.2416.22
(11.3.2416.21)
Affected: 0 , < 11.3.2428.10 (11.3.2416.22) |
|
| zohocorp | manageengine_endpoint_central |
Affected:
0 , < 11.3.2416.22
(custom)
Affected: 0 , < 11.3.2428.10 (custom) cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "manageengine_endpoint_central",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "11.3.2416.22",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.2428.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:14:19.663318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:27:15.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EndPoint Central",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "11.3.2416.22",
"status": "affected",
"version": "0",
"versionType": "11.3.2416.21"
},
{
"lessThan": "11.3.2428.10",
"status": "affected",
"version": "0",
"versionType": "11.3.2416.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brenden Meeder"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T09:20:07.450Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/desktop-central/cve-2024-10203.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Agent Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-10203",
"datePublished": "2024-11-07T09:20:07.450Z",
"dateReserved": "2024-10-21T04:28:34.057Z",
"dateUpdated": "2024-11-07T14:27:15.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38868 (GCVE-0-2024-38868)
Vulnerability from nvd – Published: 2024-08-30 17:44 – Updated: 2024-08-30 17:59
VLAI
Title
Incorrect Authorization
Summary
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ManageEngine | Endpoint Central |
Affected:
0 , < 11.3.2406.08
(11.3.2416.04)
Affected: 0 , < 11.3.2400.15 (11.3.2400.25) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:59:35.976253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:59:41.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/?pos=EndpointCentral",
"defaultStatus": "unaffected",
"product": "Endpoint Central",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "11.3.2406.08",
"status": "affected",
"version": "0",
"versionType": "11.3.2416.04"
},
{
"lessThan": "11.3.2400.15",
"status": "affected",
"version": "0",
"versionType": "11.3.2400.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Endpoint Central affected by\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect authorization vulnerability while isolating the devices.\u003c/span\u003e\u003cp\u003eThis issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15\u003c/p\u003e"
}
],
"value": "Zohocorp ManageEngine Endpoint Central affected by\u00a0Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:44:38.932Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/desktop-central/security-updates-ngav.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-38868",
"datePublished": "2024-08-30T17:44:38.932Z",
"dateReserved": "2024-06-20T13:15:39.620Z",
"dateUpdated": "2024-08-30T17:59:41.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38869 (GCVE-0-2024-38869)
Vulnerability from nvd – Published: 2024-08-23 14:07 – Updated: 2024-08-30 18:47
VLAI
Title
Incorrect Authorization
Summary
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ManageEngine | Endpoint Central |
Affected:
0 , < 11.3.2416.04
(11.3.2416.04)
Affected: 0 , < 11.3.2400.25 (11.3.2400.25) |
|
| zohocorp | manageengine_endpoint_central |
Affected:
0 , < 11.3.2416.04
(custom)
Affected: 0 , < 11.3.2400.25 (custom) cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "manageengine_endpoint_central",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "11.3.2416.04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.2400.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:31:53.529114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:47:26.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/?pos=EndpointCentral",
"defaultStatus": "unaffected",
"product": "Endpoint Central",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "11.3.2416.04",
"status": "affected",
"version": "0",
"versionType": "11.3.2416.04"
},
{
"lessThan": "11.3.2400.25",
"status": "affected",
"version": "0",
"versionType": "11.3.2400.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Endpoint Central affected by\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect authorization vulnerability in remote office deploy configurations.\u003c/span\u003e\u003cp\u003eThis issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.\u003c/p\u003e"
}
],
"value": "Zohocorp ManageEngine Endpoint Central affected by\u00a0Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:30:05.650Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/desktop-central/security-updates-config-access.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-38869",
"datePublished": "2024-08-23T14:07:46.792Z",
"dateReserved": "2024-06-20T13:15:39.620Z",
"dateUpdated": "2024-08-30T18:47:26.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9097 (GCVE-0-2024-9097)
Vulnerability from cvelistv5 – Published: 2025-02-05 12:40 – Updated: 2025-02-12 20:51
VLAI
Title
IDOR
Summary
ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ManageEngine | Endpoint Central |
Affected:
0 , < 11.3.2440.09
(11.3.2440.09)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T13:56:34.454181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:30.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/desktop-central/",
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Endpoint Central",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "11.3.2440.09",
"status": "affected",
"version": "0",
"versionType": "11.3.2440.09"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vishnu Das from Temenos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ManageEngine Endpoint Central versions before\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ManageEngine Endpoint Central versions before\u00a011.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T12:40:15.257Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/desktop-central/cve-2024-9097.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "IDOR",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-9097",
"datePublished": "2025-02-05T12:40:15.257Z",
"dateReserved": "2024-09-23T04:18:05.868Z",
"dateUpdated": "2025-02-12T20:51:30.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10203 (GCVE-0-2024-10203)
Vulnerability from cvelistv5 – Published: 2024-11-07 09:20 – Updated: 2024-11-07 14:27
VLAI
Title
Agent Arbitrary File Deletion
Summary
Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ManageEngine | EndPoint Central |
Affected:
0 , < 11.3.2416.22
(11.3.2416.21)
Affected: 0 , < 11.3.2428.10 (11.3.2416.22) |
|
| zohocorp | manageengine_endpoint_central |
Affected:
0 , < 11.3.2416.22
(custom)
Affected: 0 , < 11.3.2428.10 (custom) cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "manageengine_endpoint_central",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "11.3.2416.22",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.2428.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:14:19.663318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:27:15.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EndPoint Central",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "11.3.2416.22",
"status": "affected",
"version": "0",
"versionType": "11.3.2416.21"
},
{
"lessThan": "11.3.2428.10",
"status": "affected",
"version": "0",
"versionType": "11.3.2416.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brenden Meeder"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T09:20:07.450Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/desktop-central/cve-2024-10203.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Agent Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-10203",
"datePublished": "2024-11-07T09:20:07.450Z",
"dateReserved": "2024-10-21T04:28:34.057Z",
"dateUpdated": "2024-11-07T14:27:15.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38868 (GCVE-0-2024-38868)
Vulnerability from cvelistv5 – Published: 2024-08-30 17:44 – Updated: 2024-08-30 17:59
VLAI
Title
Incorrect Authorization
Summary
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ManageEngine | Endpoint Central |
Affected:
0 , < 11.3.2406.08
(11.3.2416.04)
Affected: 0 , < 11.3.2400.15 (11.3.2400.25) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:59:35.976253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:59:41.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/?pos=EndpointCentral",
"defaultStatus": "unaffected",
"product": "Endpoint Central",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "11.3.2406.08",
"status": "affected",
"version": "0",
"versionType": "11.3.2416.04"
},
{
"lessThan": "11.3.2400.15",
"status": "affected",
"version": "0",
"versionType": "11.3.2400.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Endpoint Central affected by\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect authorization vulnerability while isolating the devices.\u003c/span\u003e\u003cp\u003eThis issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15\u003c/p\u003e"
}
],
"value": "Zohocorp ManageEngine Endpoint Central affected by\u00a0Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:44:38.932Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/desktop-central/security-updates-ngav.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-38868",
"datePublished": "2024-08-30T17:44:38.932Z",
"dateReserved": "2024-06-20T13:15:39.620Z",
"dateUpdated": "2024-08-30T17:59:41.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38869 (GCVE-0-2024-38869)
Vulnerability from cvelistv5 – Published: 2024-08-23 14:07 – Updated: 2024-08-30 18:47
VLAI
Title
Incorrect Authorization
Summary
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ManageEngine | Endpoint Central |
Affected:
0 , < 11.3.2416.04
(11.3.2416.04)
Affected: 0 , < 11.3.2400.25 (11.3.2400.25) |
|
| zohocorp | manageengine_endpoint_central |
Affected:
0 , < 11.3.2416.04
(custom)
Affected: 0 , < 11.3.2400.25 (custom) cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "manageengine_endpoint_central",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "11.3.2416.04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.2400.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:31:53.529114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:47:26.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/?pos=EndpointCentral",
"defaultStatus": "unaffected",
"product": "Endpoint Central",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "11.3.2416.04",
"status": "affected",
"version": "0",
"versionType": "11.3.2416.04"
},
{
"lessThan": "11.3.2400.25",
"status": "affected",
"version": "0",
"versionType": "11.3.2400.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Endpoint Central affected by\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect authorization vulnerability in remote office deploy configurations.\u003c/span\u003e\u003cp\u003eThis issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.\u003c/p\u003e"
}
],
"value": "Zohocorp ManageEngine Endpoint Central affected by\u00a0Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:30:05.650Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/desktop-central/security-updates-config-access.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-38869",
"datePublished": "2024-08-23T14:07:46.792Z",
"dateReserved": "2024-06-20T13:15:39.620Z",
"dateUpdated": "2024-08-30T18:47:26.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}