CVE-2024-38868: Access control mechanism fixes in ransomware protection module

CVE Details: CVE-2024-38868
Severity: High
Update Release Date: 2nd April 2024
Reported by: Jayateertha Guruprasad via ManageEngine Bug bounty program.

What were the problems?

The following issues in the access control mechanisms of the ransomware protection module were identified and fixed.

  • Possible unintended exposure of basic computer information to unauthorized users.
  • Technicians isolating/de-isolating devices outside of their assigned purview.

How were the problems resolved?

The corresponding scope-based access control improvements were made.

Fix build:

For versions 11.3.2406.05 and below, upgrade to 11.3.2406.08
For versions 11.3.2400.12 and below, upgrade to 11.3.2400.15
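
An added example, not part of the vendor advisory: a triage helper that applies the fix-build table above to an inventory of installed builds. The branch rule (the first three components identify a branch, and builds at or above the fix build on that branch are fixed), the handling of builds the advisory does not name, and the sample inventory are assumptions.

```python
# Added example: triage installed builds against the advisory's fix-build table.
# Assumption: the first three dotted components identify a release branch, and
# any build at or above the fix build on that branch contains the fix.
FIXES = [  # (last affected build, fix build), as listed in the advisory
    ("11.3.2400.12", "11.3.2400.15"),
    ("11.3.2406.05", "11.3.2406.08"),
]

def parse(build):
    """'11.3.2406.05' -> (11, 3, 2406, 5); rejects malformed build strings."""
    parts = build.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected build format: {build!r}")
    return tuple(int(p) for p in parts)

def classify(build):
    """Return (status, fix_build); status is 'affected', 'fixed' or 'unlisted'."""
    v = parse(build)
    for last_affected, fix in FIXES:
        if v[:3] == parse(fix)[:3]:       # build is on a branch the advisory names
            if v <= parse(last_affected):
                return ("affected", fix)
            if v >= parse(fix):
                return ("fixed", None)
            return ("unlisted", None)     # between the two listed builds
    for last_affected, fix in FIXES:      # other branches: apply "and below" in order
        if v <= parse(last_affected):
            return ("affected", fix)
    return ("unlisted", None)             # newer than anything the advisory names

def triage(inventory):
    """Classify every server; malformed builds are flagged, not skipped."""
    report = {}
    for host, build in inventory.items():
        try:
            report[host] = classify(build)
        except ValueError:
            report[host] = ("invalid", None)
    return report

# Constructed sample inventory (hostnames and builds are illustrative).
SAMPLE = {"mgmt-01": "11.3.2406.05", "mgmt-02": "11.3.2400.15",
          "mgmt-03": "11.3.2403.02", "mgmt-04": "11.3.24xx"}

if __name__ == "__main__":
    for host, (status, fix) in triage(SAMPLE).items():
        print(f"{host}: {status}" + (f" -> upgrade to {fix}" if fix else ""))
```

Builds reported as "unlisted" or "invalid" need a manual check against the product console, since the advisory does not classify them.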

How do I apply the fix?

This was identified and fixed on 2nd April 2024.

To apply this fix, follow the steps below:

  1. Log in to the product console.
  2. Click on your current build number (top right corner).
  3. Download and install the latest applicable update (PPM).

Contact support

If you have any questions or require further assistance, please don't hesitate to contact our support team.