Lucene search

ManageEngineCVE-2024-27313

HistoryMay 29, 2024 - 11:16 a.m.

CVE-2024-27313

2024-05-2911:16:02

CWE-79

ManageEngine

web.nvd.nist.gov

zoho manageengine

stored xss

vulnerability

version 6610

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PAM360",
    "vendor": "ManageEngine",
    "versions": [
      {
        "lessThan": "6611",
        "status": "affected",
        "version": "6610",
        "versionType": "14730"
      }
    ]
  }
]

References

www.manageengine.com/privileged-access-management/advisory/cve-2024-27313.html