Lucene search

0fc0942c-577d-436f-ae8e-945763c79b02NVD:CVE-2024-27312

HistoryMay 20, 2024 - 1:15 p.m.

CVE-2024-27312

2024-05-2013:15:23

CWE-862

0fc0942c-577d-436f-ae8e-945763c79b02

web.nvd.nist.gov

zoho manageengine pam360

version 6601

authorization vulnerability

low-privileged user

admin actions

nvd

cve-2024-27312

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions.
Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.

References

www.manageengine.com/privileged-access-management/advisory/cve-2024-27312.html

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2024-27312