# CVE-2024-38868: Access control mechanism fixes in ransomware protection module

**CVE Details:** CVE-2024-38868  
**Severity:** High  
**Update Release Date:** 2nd April 2024  
**Reported by:** Jayateertha Guruprasad via ManageEngine Bug bounty program.

## What were the problems?

Below issues in the access control mechanisms of the ransomware protection module were identified and fixed.

- Unintended exposure chances of basic computer information to unauthorized users.
- Technicians isolating/desolating devices outside of their assigned purview.

## How were the problems resolved?

Respective scope-based access control improvements were done.

## Fix build:

- Versions 11.3.2406.05 and below, upgrade to 11.3.2406.08  
- Versions 11.3.2400.12 and below, upgrade to 11.3.2400.15

## How do I apply the fix?

This has been identified and fixed on **2nd April 2024.**

To apply this fix, follow these steps below:

1. Login to the product console.
2. Click on your current build number (top right corner).
3. Download and install the latest applicable update (PPM).

## Contact support

If you have any questions or require further assistance, please don't hesitate to [contact our support team](https://www.manageengine.com/products/desktop-central/request-support.html).