CVE-2024-27311

EPSS 0.17%
Published 17.07.2024 11:15:09
Last modified 21.11.2024 09:04:18
Source 0fc0942c-577d-436f-ae8e-945763
Teams watchlist Login
Open Login

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Ddi Central Version < 4002

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.384

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0fc0942c-577d-436f-ae8e-945763c79b02	5.5	2.1	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-27311

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27311

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27311

EUVD