CVE-2024-0252

EPSS 42.87%
Published 11.01.2024 08:15:35
Last modified 21.11.2024 08:46:09
Source 0fc0942c-577d-436f-ae8e-945763
Teams watchlist Login
Open Login

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Adselfservice Plus Version < 6.4

Zohocorp ≫ Manageengine Adselfservice Plus Version6.4 Update6400

Zohocorp ≫ Manageengine Adselfservice Plus Version6.4 Update6401

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	42.87%	0.974

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0fc0942c-577d-436f-ae8e-945763c79b02	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0252

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0252

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0252

EUVD