ManageEngine ADSelfService Plus Vulnerable to Remote Code Execution
CVE-2024-0252

8.8HIGH

Key Information:

Vendor: Manageengine
Status: Adselfservice Plus
Vendor: CVE Published:; 11 January 2024

🔔 Create Manageengine Vulnerability Alert

What is CVE-2024-0252?

ManageEngine ADSelfService Plus versions 6401 and earlier are exposed to a vulnerability that allows remote code execution through improper handling within the load balancer component. Exploiting this vulnerability necessitates user authentication, which adds a layer of complexity but does not eliminate the risk. Attackers who gain authenticated access could potentially leverage this weakness to execute unauthorized commands and compromise system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ADSelfService Plus Windows 0

References

https://www.manageengine.com/products/self-service-passwo...

EPSS Score

42% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2024
Vulnerability Reserved
Jan 5, 2024

JSON

Manageengine

What is CVE-2024-0252?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.