ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
References
Link | Resource |
---|---|
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html | Vendor Advisory |
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html - Vendor Advisory |
07 Jun 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 |
19 Jan 2024, 18:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6401:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | () https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html - Vendor Advisory | |
First Time |
Zohocorp manageengine Adselfservice Plus
Zohocorp |
15 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability. |
11 Jan 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-11 08:15
Updated : 2024-11-21 08:46
NVD link : CVE-2024-0252
Mitre link : CVE-2024-0252
CVE.ORG link : CVE-2024-0252
JSON object : View
Products Affected
zohocorp
- manageengine_adselfservice_plus
CWE