PT-2024-28246 · Zohocorp · Manageengine Endpoint Central
Jayateertha Guruprasad
·
Published
2024-08-30
·
Updated
2024-09-04
·
CVE-2024-38868
CVSS v3.1
8.3
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zohocorp ManageEngine Endpoint Central versions prior to 11.3.2406.08
Zohocorp ManageEngine Endpoint Central versions prior to 11.3.2400.15
Description
The issue is related to an incorrect authorization vulnerability when isolating devices in Zohocorp ManageEngine Endpoint Central.
Recommendations
For versions prior to 11.3.2406.08, update to version 11.3.2406.08 or later.
For versions prior to 11.3.2400.15, update to version 11.3.2400.15 or later.
As a temporary workaround, consider restricting access to the device isolation feature until a patch is available.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Manageengine Endpoint Central