8.8
CVE-2024-27311
- EPSS 0.17%
- Veröffentlicht 17.07.2024 11:15:09
- Zuletzt bearbeitet 21.11.2024 09:04:18
- Quelle 0fc0942c-577d-436f-ae8e-945763
- Teams Watchlist Login
- Unerledigt Login
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Ddi Central Version < 4002
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.384 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 0fc0942c-577d-436f-ae8e-945763c79b02 | 5.5 | 2.1 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.