Vulnerability in DDI Central Could Allow Directory Traversal
CVE-2024-27311

8.8HIGH

Key Information:

Vendor: Manageengine
Status: Ddi Central
Vendor: CVE Published:; 17 July 2024

Summary

A directory traversal vulnerability exists in ManageEngine DDI Central versions 4001 and earlier, allowing attackers to manipulate file paths and upload arbitrary files to the server's file system. This can lead to unauthorized access and potential compromise of sensitive data. Implementing appropriate input validation and restricting file upload capabilities are essential measures to mitigate this risk.

Affected Version(s)

DDI Central 0 <= 4001

References

https://www.manageengine.com/dns-dhcp-ipam/security-updat...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2024
Vulnerability Reserved
Feb 23, 2024

Collectors

NVD DatabaseMitre Database