CVE-2024-24409

HIGH

Zohocorp Manageengine Admanager Plus - Improper Privilege Management

Title source: rule

Description

Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.

Exploits (2)

exploitdb WRITEUP
by Metin Yunus Kandemir · textwebappsmultiple
https://www.exploit-db.com/exploits/52148
nomisec WRITEUP 1 stars
by passtheticket · poc
https://github.com/passtheticket/CVE-2024-24409

References (1)

Scores

CVSS v3 8.8
EPSS 0.0392
EPSS Percentile 88.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (7)
zohocorp/manageengine_admanager_plus 6.1 (13 CPE variants)
zohocorp/manageengine_admanager_plus 6.2
zohocorp/manageengine_admanager_plus 6.5.7
zohocorp/manageengine_admanager_plus 6.6 6657 (2 CPE variants)
zohocorp/manageengine_admanager_plus 6.6.5
zohocorp/manageengine_admanager_plus 7.0 (22 CPE variants)
zohocorp/manageengine_admanager_plus 7.1 (10 CPE variants)
Published Nov 08, 2024
Tracked Since Feb 18, 2026