CVE-2024-9097: Security enhancement to access controls in chat feature

This document highlights the security update for a vulnerability identified in the text chat feature within Endpoint Central.

Severity: Low

Update release date: 27 December 2024

Update release build:

11.3.2440.0 and below, upgrade to 11.3.2440.09

11.3.2428.01 and below, upgrade to 11.3.2428.26

Reported by: Vishnu Das from Temenos via ZohoCorp Bug Bounty program

The text chat feature may allow unauthorized actions, potentially enabling one user to appear as another.

This has been identified and fixed on 27-12-2024. Follow the below steps to apply this fix,

Log in to your Endpoint Central console, click on your current build number on the top right corner.
You can find the latest build applicable to you. Download the PPM and update.

Cloud applicability: No

For any further questions or concerns about this, please write to our support team.