VULNRICHMENT:CVE-2024-36038
History: Jun 24, 2024 - 11:45 a.m.

CVE-2024-36038 Stored XSS

2024-06-24 11:45:11
CWE-79
ManageEngine
github.com
cve-2024-36038
stored xss
zoho manageengine
itom
products
versions
128234-128248
cross-site scripting
vulnerability
proxy server

CVSS3: 6.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

AI Score: 5.9
Confidence: High

EPSS: 0
Percentile: 9.1%

SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128248:*:*:*:*:*:*"
    ],
    "vendor": "ManageEngine",
    "product": "OpManager",
    "versions": [
      {
        "status": "affected",
        "version": "128234",
        "lessThan": "128248",
        "versionType": "128248"
      }
    ],
    "platforms": [
      "Windows",
      "Linux"
    ],
    "collectionURL": "https://www.manageengine.com/network-monitoring/download.html",
    "defaultStatus": "unaffected"
  }
]
