Low-Privileged User Can Perform Admin Actions on Zoho ManageEngine PAM360 Version 6601
CVE-2024-27312

8.1HIGH

Key Information:

Vendor: Manageengine
Status: Pam360
Vendor: CVE Published:; 20 May 2024

Summary

An authorization vulnerability exists in ManageEngine PAM360 version 6601, enabling low-privileged users to execute administrative functions. This represents a substantial security risk, as users without proper privileges could potentially gain unauthorized access to critical administrative capabilities, undermining system integrity and security. The flaw is exclusive to PAM360 version 6601, with no other versions impacted, necessitating prompt attention from users to mitigate potential risks.

Affected Version(s)

PAM360 6600 < 6601

References

https://www.manageengine.com/privileged-access-management...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 20, 2024

Collectors

NVD DatabaseMitre Database