CVE-2024-0252

ManageEngine ADSelfService Plus versions6401and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ManageEngineCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
zohocorpmanageengine_adselfservice_plus
𝑥
< 6.4
zohocorpmanageengine_adselfservice_plus
6.4:6400
zohocorpmanageengine_adselfservice_plus
6.4:6401
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html