Zoho ManageEngine ITOM Proxy Server Cross-Site Scripting Vulnerability
CVE-2024-36038

6.3MEDIUM

Key Information:

Vendor: Manageengine
Status: Opmanager
Vendor: CVE Published:; 24 June 2024

Summary

Zoho ManageEngine ITOM products from version 128234 to 128248 are susceptible to a stored cross-site scripting vulnerability in the proxy server option. This vulnerability allows attackers to inject malicious scripts that are stored on the server and executed in the context of users accessing the affected ITOM services. Exploitation of this vulnerability may lead to unauthorized access, data manipulation, and a potential compromise of user credentials, thus posing significant security risks to organizations utilizing these products.

Affected Version(s)

OpManager Windows 128234 < 128248

References

https://www.manageengine.com/itom/advisory/cve-2024-36038...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 24, 2024
Vulnerability Reserved
May 17, 2024