CVE-2024-27310 - OpenCVE

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP query.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ManageEngine

Published: 2024-05-27T17:26:14.229Z

Updated: 2024-06-13T14:02:04.570Z

Reserved: 2024-02-23T06:13:18.186Z

Link: CVE-2024-27310

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-27T18:15:09.693

Modified: 2024-06-07T09:15:11.247

Link: CVE-2024-27310

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27310", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "state": "PUBLISHED", "assignerShortName": "ManageEngine", "dateReserved": "2024-02-23T06:13:18.186Z", "datePublished": "2024-05-27T17:26:14.229Z", "dateUpdated": "2024-06-13T14:02:04.570Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ADSelfService Plus", "vendor": "ManageEngine", "versions": [{"lessThan": "6401", "status": "affected", "version": "0", "versionType": "14730"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP query."}], "value": "Zoho ManageEngine\u00a0ADSelfService Plus versions below\u00a06401 are vulnerable to the DOS attack due to the malicious LDAP query."}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine", "dateUpdated": "2024-06-07T08:32:25.143Z"}, "references": [{"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html"}], "source": {"discovery": "UNKNOWN"}, "title": "DOS Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "zohocorp", "product": "manageengine_adselfservice_plus", "cpes": ["cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "builds_6400", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-31T16:52:11.510173Z", "id": "CVE-2024-27310", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T14:02:04.570Z"}}]}}