CVE-2024-0252

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 11, 2024

Updated: Jun 7, 2024

CWE ID 94

Summary

CVE-2024-0252 is a newly disclosed vulnerability that affects ManageEngine ADSelfService Plus versions 6.4.0.1 and below. This issue stems from the improper handling of data in the load balancer component. An attacker with authentication credentials can exploit this vulnerability to execute remote code. This weakness poses a significant risk to organizations running the affected software and emphasizes the importance of updating to the latest, secure version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ManageEngine ADSelfService Plus

Affected Vendors

Zoho Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uCojlg
https://www.cve.org/CVERecord?id=CVE-2024-0252
https://nvd.nist.gov/vuln/detail/CVE-2024-0252

Back to Vulnerability Database