8.8
CVE-2024-27311
- EPSS 1.46%
- Veröffentlicht 17.07.2024 11:15:09
- Zuletzt bearbeitet 21.11.2024 09:04:18
- Quelle 0fc0942c-577d-436f-ae8e-945763
- CVE-Watchlists
- Unerledigt
LoginArbitrary file writing
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Ddi Central Version < 4002
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.46% | 0.702 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 0fc0942c-577d-436f-ae8e-945763c79b02 | 5.5 | 2.1 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html