CVE-2024-5466

CWE-94 — Code Injection3 documents3 sources

Severity

8.8HIGH

EPSS

20.0%

top 4.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Opmanager Zohocorp Manageengine Opmanager MSP Zohocorp Manageengine Opmanager Plus

Timeline

PublishedAug 23

Description

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDzohocorp/manageengine_opmanager12.7+1

▶NVDzohocorp/manageengine_opmanager_msp12.7+1

▶NVDzohocorp/manageengine_opmanager_plus12.7+1

🔴Vulnerability Details

CVEList

Remote Code Execution↗2024-08-23

▶

GHSA

GHSA-3cj6-45x3-vrjj: Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code executi↗2024-08-23

▶