CVE-2024-27312

Published: May 20, 2024Modified: Nov 25, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.

Affected (2)

Products: Zohocorp: Manageengine Pam360

1 product

Manageengine Pam360

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Pam360	Before 6.6
Zohocorp Manageengine Pam360	Version 6.6 build6600

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://www.manageengine.com/privileged-access-management/advisory/cve-2024-27312.html

Source: 0fc0942c-577d-436f-ae8e-945763c79b02

Vendor Advisory

https://www.manageengine.com/privileged-access-management/advisory/cve-2024-27312.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.