Vulnerabilities

CVE-2024-0252

by Fred · 11/01/2024

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.

More information : https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : HIGH
Base score : 8.8
Base severity : HIGH
Exploitability score : 2.8
Impact score : 5.9

Similar

Tags: Cybersecurity Alert