CVE-2024-0252

EUVD-2024-16048
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ManageEngineCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_adselfservice_plus
𝑥
< 6.4
zohocorpmanageengine_adselfservice_plus
6.4:6400
zohocorpmanageengine_adselfservice_plus
6.4:6401
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html