Lucene search
ManageEngineCVE-2024-27311HistoryJul 17, 2024 - 11:15 a.m.
CVE-2024-27311
2024-07-1711:15:09
CWE-434
ManageEngine
web.nvd.nist.gov
27
zohocorp manageengine
ddi central
directory traversal
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
51.3%
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
Affected configurations
Node
zohocorpmanageengine_ddi_centralRange<4002
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_ddi_central | * | cpe:2.3:a:zohocorp:manageengine_ddi_central:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"collectionURL": "https://www.manageengine.com/dns-dhcp-ipam/",
"defaultStatus": "unaffected",
"product": "DDI Central",
"vendor": "ManageEngine",
"versions": [
{
"lessThanOrEqual": "4001",
"status": "affected",
"version": "0",
"versionType": "4001"
}
]
}
]Related
nvd
nvd
CVE-2024-27311
2024-07-17 11:15:09
cvelist
cvelist
CVE-2024-27311 Arbitrary file writing
2024-07-17 10:52:45
vulnrichment
vulnrichment
CVE-2024-27311 Arbitrary file writing
2024-07-17 10:52:45
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
51.3%
Related for CVE-2024-27311