Authorization Flaw in Zohocorp ManageEngine Applications Manager
CVE-2024-41140

8.1HIGH

Key Information:

Vendor: Manageengine
Status: Applications Manager
Vendor: CVE Published:; 29 January 2025

Summary

Zohocorp's ManageEngine Applications Manager versions 174000 and earlier exhibit a vulnerability due to improper authorization in the update user function. This flaw could potentially allow unauthorized users to perform actions that should be restricted, which could lead to unauthorized access or modification of user accounts. It is crucial for organizations using affected versions to apply security updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Applications Manager 0 <= 174000

References

https://www.manageengine.com/products/applications_manage...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2025
Vulnerability Reserved
Jul 16, 2024

Credit

maneesh