cvelistv5 - cve-2024-41140

cve-2024-41140

Vulnerability from cvelistv5

Published
2025-01-29 11:14
Modified
2025-02-12 19:51
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Improper Authorization
References
▼	URL	Tags
	0fc0942c-577d-436f-ae8e-945763c79b02	https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-41140.html	Vendor Advisory
Impacted products
▼	Vendor	Product
	ManageEngine	Applications Manager
Show details on NVD website
JSON
To clipboard
{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41140",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T14:06:02.590376Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T19:51:14.429Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Applications Manager",
          "vendor": "ManageEngine",
          "versions": [
            {
              "lessThanOrEqual": "174000",
              "status": "affected",
              "version": "0",
              "versionType": "174000"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "maneesh"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Zohocorp ManageEngine Applications Manager versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e174000 and prior are vulnerable to the incorrect authorization in the update user function.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Zohocorp ManageEngine Applications Manager versions\u00a0174000 and prior are vulnerable to the incorrect authorization in the update user function."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-29T11:14:50.910Z",
        "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "shortName": "ManageEngine"
      },
      "references": [
        {
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-41140.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper Authorization",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
    "assignerShortName": "ManageEngine",
    "cveId": "CVE-2024-41140",
    "datePublished": "2025-01-29T11:14:50.910Z",
    "dateReserved": "2024-07-16T07:03:21.743Z",
    "dateUpdated": "2025-02-12T19:51:14.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-41140\",\"sourceIdentifier\":\"0fc0942c-577d-436f-ae8e-945763c79b02\",\"published\":\"2025-01-29T12:15:28.293\",\"lastModified\":\"2025-09-29T18:08:54.547\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Zohocorp ManageEngine Applications Manager versions\u00a0174000 and prior are vulnerable to the incorrect authorization in the update user function.\"},{\"lang\":\"es\",\"value\":\"Las versiones 174000 y anteriores de Zohocorp ManageEngine Applications Manager son vulnerables a la autorizaci\u00f3n incorrecta en la funci\u00f3n de actualizaci\u00f3n de usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"0fc0942c-577d-436f-ae8e-945763c79b02\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"0fc0942c-577d-436f-ae8e-945763c79b02\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.0\",\"matchCriteriaId\":\"6F60B2FA-65D9-4F15-8F36-5BBD328D70E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1\",\"versionEndExcluding\":\"17.3\",\"matchCriteriaId\":\"5B24E6C3-B81B-4324-A3AF-02B8C5A9CACD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DBF4AD2-F1FA-4397-872D-15F7F0B499ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170000:*:*:*:*:*:*\",\"matchCriteriaId\":\"24D9A360-987B-4631-AC4E-A83C19AC6218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170001:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF0F0C0E-7534-490B-B009-8B24E258D8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170002:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD6375B4-C9BD-44F0-A0B9-2F5CD80EE54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170003:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD694576-88FB-4A79-9A7E-744359439133\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170004:*:*:*:*:*:*\",\"matchCriteriaId\":\"719105AD-C4D8-43FD-AF87-2E1F400413E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170005:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AF01C0D-3362-46B0-8D9E-2D54AD6906D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170006:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FB1C60A-13B5-4D35-834D-39D31F07A46E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170007:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0A66F8C-322C-4AE8-A915-85D813028E8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3785344C-D42E-4408-8DA6-05800B17D61A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173000:*:*:*:*:*:*\",\"matchCriteriaId\":\"87A0EB98-F81A-4870-8D78-4E6C0B7F06D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173100:*:*:*:*:*:*\",\"matchCriteriaId\":\"26D43D3E-99DA-4BAA-8326-FB0C344CD58F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173200:*:*:*:*:*:*\",\"matchCriteriaId\":\"444D1677-D36C-4402-A78B-E719B8EE7C4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173300:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AAC7171-AAFC-4308-9181-22B4C9E92196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173301:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CB9713C-4105-4E98-AC7A-9057B6657329\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173302:*:*:*:*:*:*\",\"matchCriteriaId\":\"09C7E0A0-FE94-4702-9099-3BD1636E99CB\"}]}]}],\"references\":[{\"url\":\"https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-41140.html\",\"source\":\"0fc0942c-577d-436f-ae8e-945763c79b02\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}
Action not permitted

cve-2024-41140

Vulnerability from cvelistv5

ghsa-43vj-hhq4-8c72

Vulnerability from github

Tags
