CVE-2024-38869 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2024-38869

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

Published: Aug 23, 2024
Updated: May 4, 2025
CVE: CVE-2024-38869
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_servicedesk_plus_msp	14.8-14800	14.8-14800.x
zohocorp / manageengine_servicedesk_plus	14.8-14810	14.8-14810.x
zohocorp / manageengine_servicedesk_plus	-	14.7.x
zohocorp / manageengine_servicedesk_plus_msp	-	14.7.x
zohocorp / manageengine_supportcenter_plus	14.8-14800	14.8-14800.x
zohocorp / manageengine_supportcenter_plus	-	14.7.x