CVE-2024-0252

Published Jan 11, 2024

Last updated 23 days ago

Overview

Description
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
Source
0fc0942c-577d-436f-ae8e-945763c79b02
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

0fc0942c-577d-436f-ae8e-945763c79b02
CWE-94
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

Configurations