CVE-2024-27311

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
ManageEngineCNA
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
zohocorpmanageengine_ddi_central
𝑥
< 4002
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html
https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html