cbcvebase.
CVE-2024-0252
published 2024-01-11

CVE-2024-0252: ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer…

PriorityP267high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
7.81%
93.9th percentile
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.

Affected

3 ranges
VendorProductVersion rangeFixed in
manageengineadselfservice_plus< 64026402
zohocorpmanageengine_adselfservice_plus< 6.46.4
zohocorpmanageengine_adselfservice_plus
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.