The vulnerabilities listed below have been fixed in Endpoint Central build 10.0.647. These vulnerabilities were reported by Tomasz Kuczyński.
| S. No | Vulnerability Details | Applicability for Endpoint Central Cloud |
|---|---|---|
| 1. | Basic authentication in the agent-server communication has been enhanced with Client Certificate Authentication. | Not applicable |
| 2. | Improper authorization handling in agent data posted to the server has been addressed. | Not applicable |
| 3. | Stored XSS vulnerability in the Inventory section has been addressed. | Fixed and released on August 18, 2021 |
| 4. | Single token per instance for agent authentication has been enhanced with an individual certificate for every agent (CVE-2020-28050). | Not applicable |
This has been identified and fixed in Endpoint Central build 100647. Customers have to upgrade to build 100647 or above to patch this vulnerability.
To enable Client Certificate Authentication and address this vulnerability, log in to the web console and navigate to Admin > Security and Privacy > Security Settings > Enable Client Certificate Authentication.
You may also refer to this link for more information.
For any queries, feel free to contact our support team at endpointcentral-support@manageengine.com
Keywords: Security Updates, Vulnerabilities and Fixes.