CVE-2024-10203 – Agent Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-10203
Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines. Las versiones 11.3.2416.21 y anteriores, 11.3.2428.9 y anteriores de Zohocorp ManageEngine EndPoint Central son vulnerables a la eliminación arbitraria de archivos en las máquinas instaladas por el agente. • https://www.manageengine.com/products/desktop-central/cve-2024-10203.html • CWE-269: Improper Privilege Management •
CVE-2024-38868 – Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-38868
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 • https://www.manageengine.com/products/desktop-central/security-updates-ngav.html • CWE-863: Incorrect Authorization •
CVE-2024-38869 – Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-38869
An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. • https://www.manageengine.com/products/service-desk/CVE-2024-41150.html https://www.manageengine.com/products/desktop-central/security-updates-config-access.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-863: Incorrect Authorization •