This document highlights the security update implemented in Endpoint Central to enhance the security of configuration deployments.
Severity: Medium
Fixed build:
For versions 11.3.2400.22 or below, upgrade to version 11.3.2400.25
For versions 11.3.2416.03 or below, upgrade to 11.3.2416.04
Released on: June 2024
Reported by: Jayateertha Guruprasad via Zoho Corp Bug Bounty Program
The scope parameters of certain APIs were misconfigured for technicians, allowing technicians to view the execution summary of computer configurations beyond their usually designated scope. This issue has now been resolved by implementing proper access control mechanisms.
To apply the fix, please follow the steps below:
Note: This vulnerability applies to both on-premises and cloud versions.
For any further questions or concerns about this update, please write to our support team at endpointcentral-support@manageengine.com