CVE-2024-9097: IDOR

3.5 CVSS

Description

ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.

Classification

CVE ID: CVE-2024-9097

CVSS Base Severity: LOW

CVSS Base Score: 3.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Affected Products

Vendor: ManageEngine

Product: Endpoint Central

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.85% (scored less or equal to compared to others)

EPSS Date: 2025-03-06 (when was this score calculated)

References

https://www.manageengine.com/products/desktop-central/cve-2024-9097.html

Timeline

2025-02-06 00:30:15 UTC
CVE

IDOR