Manageengine Endpoint Central
CVE-2024-9097
LOW
Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.
AnalysisAI
ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-639. ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat. Affected products include: Zohocorp Manageengine Endpoint Central. Version information: before 11.3.2440.09.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys bein
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.3.2
Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrar
ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup.4.2500.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today