ManageEngine ADSelfService Plus Vulnerable to Remote Code Execution

CVE-2024-0252

8.8HIGH

Key Information

Vendor: Manageengine
Status: Adselfservice Plus
Vendor: CVE Published:; 11 January 2024

Summary

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.

Affected Version(s)

ADSelfService Plus <= 0

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 11, 2024
Vulnerability Reserved.
Jan 5, 2024

Collectors

NVD DatabaseMitre Database