CVE-2024-38869— Incorrect Authorization

CVSS 8.3 · High EPSS 0.05% · P17 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-38869

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Incorrect Authorization

Source: NVD (National Vulnerability Database)

Vulnerability Description

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制不正确

Source: NVD (National Vulnerability Database)

Vulnerability Title

ZOHO ManageEngine ServiceDesk Plus和SupportCenter Plus 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ZOHO ManageEngine ServiceDesk Plus（SDP）和ZOHO ManageEngine SupportCenter Plus都是美国卓豪（ZOHO）公司的产品。ZOHO ManageEngine ServiceDesk Plus是一套基于ITIL架构的IT服务管理软件。该软件集成了事件管理、问题管理、资产管理IT项目管理、采购与合同管理等功能模块。ZOHO ManageEngine SupportCenter Plus是一种基于 Web 的客户支持软件。用于让组织有效地管理客户

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
ManageEngine	Endpoint Central	0 ~ 11.3.2416.04	-

II. Public POCs for CVE-2024-38869

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-38869

请登录查看更多情报信息。

Same Patch Batch · ManageEngine · 2024-08-23 · 11 CVEs total

CVE-2024-5466	8.8 HIGH	Remote Code Execution
CVE-2024-5467	8.3 HIGH	SQL Injection
CVE-2024-36517	8.3 HIGH	SQL Injection
CVE-2024-36516	8.3 HIGH	SQL Injection
CVE-2024-36515	8.3 HIGH	SQL Injection
CVE-2024-36514	8.3 HIGH	SQL Injection
CVE-2024-5490	8.3 HIGH	SQL Injection
CVE-2024-5556	8.3 HIGH	SQL Injection
CVE-2024-5586	8.3 HIGH	SQL Injection
CVE-2024-41150	6.3 MEDIUM	Stored XSS

IV. Related Vulnerabilities

Same product: Endpoint Central

Same vendor: ManageEngine

Same weakness: CWE-863

V. Comments for CVE-2024-38869

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-38869— Incorrect Authorization

I. Basic Information for CVE-2024-38869

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-38869

III. Intelligence Information for CVE-2024-38869

Same Patch Batch · ManageEngine · 2024-08-23 · 11 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-38869

Leave a comment