CVE-2024-41140
published 2025-01-29

CVE-2024-41140: Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function.

Priority: P3, 37
CVSS 3.1: 6.5 (medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.90% (55.0th percentile)

Affected

5 ranges
Vendor | Product | Version range | Fixed in
manageengine | applications_manager | <= 174000 |
zohocorp | manageengine_applications_manager | < 17.0 | 17.0
zohocorp | manageengine_applications_manager | |
zohocorp | manageengine_applications_manager | |
zohocorp | manageengine_applications_manager | >= 17.1 < 17.3 | 17.3