CVE-2024-27311

EUVD-2024-24527
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
ManageEngineCNA
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_ddi_central
𝑥
< 4002
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html
https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html