Intra-system user activity data access

This document describes a reported issue that allows unauthorized access to user activity data within the same system.

Severity: Medium
Update release build: 11.3.2404.1
Update release date: 23-Feb-2024
Reported by: lxxk via ManageEngine Bug bounty program.

What was the problem?

In Browser Security Plus, a user on an endpoint can access another user's web activity data on that same endpoint without authorization. The impact is limited to a single system that is accessed by multiple users.

How do I fix it?

Upgrading to the latest version is strongly advised due to this vulnerability's severity. To upgrade, follow the steps below:

  1. Log in to the product console and click your current build number in the top-right corner.
  2. You'll be able to find the latest build applicable to you. Download the PPM and update.

For any further questions or concerns on this, please write to our support team.