Fix for Archive Logs Vulnerability in Agent Tray Icon

This document highlights the security update for a vulnerability identified in the archive logs feature of the agent tray icon within Endpoint Central.

Release Notes

• Severity: Medium
• Update Release Date: 12 July 2024
• Reported by:  Simon via ManageEngine Bug bounty program.

What was the problem?

The archive logs feature in the agent tray icon could inadvertently copy files from directories that the user did not have access to, due to the handling of file junctions. This posed a potential security risk by exposing unauthorized files. We have implemented additional checks to ensure proper handling of file links before copying the files to the agent directory.

Fix build:

• For Enterprise- 11.3.2428.2
• 11.3.2400.34 and below, upgrade to 11.3.2400.35
• 11.3.2416.17 and below, upgrade to 11.3.2416.18

How to fix it?

This has been identified and fixed in Endpoint Central builds released on 12 July 2024.

To apply this fix, follow these steps below:   

1. Login to the product console.
2. Click on your current build number (top right corner).
3. Download and install the latest applicable update (PPM).

Note: This vulnerability is applicable for both On-Premises and Cloud versions.

Contact Support

If you have any questions or require further assistance, please don't hesitate to contact our support team.