Brenden Meeder

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below Zohocorp ManageEngine EndPoint Central versions 11.3.2428.9 and below **Description** The issue is related to arbitrary file deletion in the agent installed machines due to insecure privilege management. This could allow an attacker to delete arbitrary files. The vulnerability affects the ManageEngine Endpoint Central MSP, a remote monitoring and management tool for desktops, servers, laptops, and mobile devices. **Recommendations** For versions 11.3.2416.21 and below, update to a version above 11.3.2416.21 to resolve the issue. For versions 11.3.2428.9 and below, update to a version above 11.3.2428.9 to resolve the issue. As a temporary workaround, consider restricting access to the agent installed machines to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Delinea Privilege Manager versions prior to 12.0.1096 **Description** A local privilege escalation issue was discovered in Delinea Privilege Manager, allowing a non-administrator user to potentially execute arbitrary code as SYSTEM by exploiting a dynamic-link library (DLL) search order hijacking vulnerability. This occurs when the core agent service loads a crafted DLL file from a temporary directory used by .NET Shadow Copies. **Recommendations** For versions prior to 12.0.1096, update to version 12.0.1096 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory used by .NET Shadow Copies to minimize the risk of exploitation.