CVE-2024-0252

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6401:*:*:*:*:*:*

History

07 Jun 2024, 09:15

Type Values Removed Values Added
CWE CWE-94

19 Jan 2024, 18:54

Type Values Removed Values Added
CPE cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6401:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References () https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html - () https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html - Vendor Advisory
CWE NVD-CWE-noinfo
First Time Zohocorp manageengine Adselfservice Plus
Zohocorp

15 Jan 2024, 14:15

Type Values Removed Values Added
Summary ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.

11 Jan 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-11 08:15

Updated : 2024-06-07 09:15


NVD link : CVE-2024-0252

Mitre link : CVE-2024-0252

CVE.ORG link : CVE-2024-0252


JSON object : View

Products Affected

zohocorp

  • manageengine_adselfservice_plus
CWE
NVD-CWE-noinfo CWE-94

Improper Control of Generation of Code ('Code Injection')