CVE-2024-27311

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_ddi_central:*:*:*:*:*:*:*:*

History

18 Jul 2024, 14:09

Type	Values Removed	Values Added
References	~~() https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html -~~	() https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html - Vendor Advisory
CPE		cpe:2.3:a:zohocorp:manageengine_ddi_central::::::::
First Time		Zohocorp Zohocorp manageengine Ddi Central
Summary		(es) Zohocorp ManageEngine DDI Central versiones 4001 y anteriores eran afectados por una vulnerabilidad de directory traversal que permite al usuario cargar nuevos archivos en la carpeta del servidor.
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 8.8

17 Jul 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-17 11:15

Updated : 2024-07-18 14:09

NVD link : CVE-2024-27311

Mitre link : CVE-2024-27311

CVE.ORG link : CVE-2024-27311

JSON object : View

Products Affected

zohocorp

manageengine_ddi_central

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-27311", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "0fc0942c-577d-436f-ae8e-945763c79b02", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.1}]}, "published": "2024-07-17T11:15:09.863", "references": [{"url": "https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html", "tags": ["Vendor Advisory"], "source": "0fc0942c-577d-436f-ae8e-945763c79b02"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "0fc0942c-577d-436f-ae8e-945763c79b02", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder."}, {"lang": "es", "value": "Zohocorp ManageEngine DDI Central versiones 4001 y anteriores eran afectados por una vulnerabilidad de directory traversal que permite al usuario cargar nuevos archivos en la carpeta del servidor."}], "lastModified": "2024-07-18T14:09:40.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_ddi_central:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1438A73C-3E31-44FA-B635-A114255B9B69", "versionEndExcluding": "4002"}], "operator": "OR"}]}], "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02"}