CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9097 – IDOR
https://notcve.org/view.php?id=CVE-2024-9097
05 Feb 2025 — ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat. ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat. • https://www.manageengine.com/products/desktop-central/cve-2024-9097.html • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10203 – Agent Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-10203
07 Nov 2024 — Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines. Las versiones 11.3.2416.21 y anteriores, 11.3.2428.9 y anteriores de Zohocorp ManageEngine EndPoint Central son vulnerables a la eliminación arbitraria de archivos en las máquinas instaladas por el agente. • https://www.manageengine.com/products/desktop-central/cve-2024-10203.html • CWE-269: Improper Privilege Management •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38868 – Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-38868
30 Aug 2024 — Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 • https://www.manageengine.com/products/desktop-central/security-updates-ngav.html • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38869 – Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-38869
23 Aug 2024 — An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. Zohocorp ManageEngine Endpoint C... • https://www.manageengine.com/products/service-desk/CVE-2024-41150.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-863: Incorrect Authorization •