CVE-2024-27311

MEDIUM

Zohocorp ManageEngine DDI Central <4001 - Path Traversal

Title source: llm

Description

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.

References (1)

Core 1

Core References

Vendor Advisory

https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html

Scores

CVSS v3 5.5

EPSS 0.0041

EPSS Percentile 61.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

zohocorp/manageengine_ddi_central < 4002

Published Jul 17, 2024

Tracked Since Feb 18, 2026