← Back

CVE-2024-41140

nvd nist
Published: Jan 29, 2025Modified: Sep 29, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.2 / Impact: 5.2
Source: NVD

Description

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.

Affected (18)

Zohocorp
1 product
Manageengine Applications Manager
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Applications Manager
Before 17.0
Manageengine Applications Manager
From 17.1 to 17.3
Manageengine Applications Manager
Version 17.0
Manageengine Applications Manager
Version 17.0 build170000
Manageengine Applications Manager
Version 17.0 build170001
Manageengine Applications Manager
Version 17.0 build170002
Manageengine Applications Manager
Version 17.0 build170003
Manageengine Applications Manager
Version 17.0 build170004
Manageengine Applications Manager
Version 17.0 build170005
Manageengine Applications Manager
Version 17.0 build170006
Manageengine Applications Manager
Version 17.0 build170007
Manageengine Applications Manager
Version 17.3
Manageengine Applications Manager
Version 17.3 build173000
Manageengine Applications Manager
Version 17.3 build173100
Manageengine Applications Manager
Version 17.3 build173200
Manageengine Applications Manager
Version 17.3 build173300
Manageengine Applications Manager
Version 17.3 build173301
Manageengine Applications Manager
Version 17.3 build173302

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

Source: 0fc0942c-577d-436f-ae8e-945763c79b02
Vendor Advisory

Timeline

No history available yet.