CVE-2024-0252

EPSS 42.87%
Veröffentlicht 11.01.2024 08:15:35
Zuletzt bearbeitet 21.11.2024 08:46:09
Quelle 0fc0942c-577d-436f-ae8e-945763
Teams Watchlist Login
Unerledigt Login

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Adselfservice Plus Version < 6.4

Zohocorp ≫ Manageengine Adselfservice Plus Version6.4 Update6400

Zohocorp ≫ Manageengine Adselfservice Plus Version6.4 Update6401

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	42.87%	0.974

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0fc0942c-577d-436f-ae8e-945763c79b02	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0252

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0252

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0252

EUVD