CVE-2024-0252

CWE-94: Code Injection | 3 documents | 3 sources
Severity
8.8 HIGH
EPSS
29.1%
top 3.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 11

Description

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to remote code execution due to improper handling in the load balancer component. Authentication is required to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details (2)
CVEList
Remote code execution | 2024-01-11
GHSA
GHSA-fh24-44w6-495r: ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer | 2024-01-11