CVE-2024-27310 - Vulnerability Details - OpenCVE

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Zohocorp	Manageengine Adselfservice Plus

Configuration 1 [-]

OR	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus::::::::
	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400::::::

No data.

References

Link	Providers
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html

History

Wed, 27 Nov 2024 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400::::::

Tue, 08 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zohocorp Zohocorp manageengine Adselfservice Plus
CPEs		cpe:2.3:a:zohocorp:manageengine_adselfservice_plus::::::::
Vendors & Products		Zohocorp Zohocorp manageengine Adselfservice Plus
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 07 Oct 2024 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400

Mon, 07 Oct 2024 20:00:00 +0000

Type	Values Removed	Values Added
Description	Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP query.	Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.
Weaknesses		CWE-90

MITRE

Status: PUBLISHED

Assigner: ManageEngine

Published: 2024-05-27T17:26:14.229Z

Updated: 2024-10-07T19:44:05.359Z

Reserved: 2024-02-23T06:13:18.186Z

Link: CVE-2024-27310

Vulnrichment

Updated: 2024-08-02T00:27:59.865Z

NVD

Status : Analyzed

Published: 2024-05-27T18:15:09.693

Modified: 2024-11-27T16:25:10.307

Link: CVE-2024-27310

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27310", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "state": "PUBLISHED", "assignerShortName": "ManageEngine", "dateReserved": "2024-02-23T06:13:18.186Z", "datePublished": "2024-05-27T17:26:14.229Z", "dateUpdated": "2024-10-07T19:44:05.359Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ADSelfService Plus", "vendor": "ManageEngine", "versions": [{"lessThan": "6401", "status": "affected", "version": "0", "versionType": "14730"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input."}], "value": "Zoho ManageEngine\u00a0ADSelfService Plus versions below\u00a06401 are vulnerable to the DOS attack due to the malicious LDAP input."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine", "dateUpdated": "2024-10-07T19:44:05.359Z"}, "references": [{"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html"}], "source": {"discovery": "UNKNOWN"}, "title": "DOS Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "zohocorp", "product": "manageengine_adselfservice_plus", "cpes": ["cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "builds_6400", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-31T16:52:11.510173Z", "id": "CVE-2024-27310", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T14:02:04.570Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.865Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.865Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27310", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-31T16:52:11.510173Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*"], "vendor": "zohocorp", "product": "manageengine_adselfservice_plus", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "builds_6400"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-31T16:54:38.375Z"}}], "cna": {"title": "DOS Vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ManageEngine", "product": "ADSelfService Plus", "versions": [{"status": "affected", "version": "0", "lessThan": "6401", "versionType": "14730"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Zoho ManageEngine\u00a0ADSelfService Plus versions below\u00a06401 are vulnerable to the DOS attack due to the malicious LDAP input.", "supportingMedia": [{"type": "text/html", "value": "Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine", "dateUpdated": "2024-10-07T19:44:05.359Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27310", "state": "PUBLISHED", "dateUpdated": "2024-10-07T19:44:05.359Z", "dateReserved": "2024-02-23T06:13:18.186Z", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "datePublished": "2024-05-27T17:26:14.229Z", "assignerShortName": "ManageEngine"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B9A77AF-9D42-42A2-84F3-4307E46D917F", "versionEndExcluding": "6.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400:*:*:*:*:*:*", "matchCriteriaId": "0FCE8818-79BB-41F7-9D2E-43FEE698B325", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zoho ManageEngine\u00a0ADSelfService Plus versions below\u00a06401 are vulnerable to the DOS attack due to the malicious LDAP input."}, {"lang": "es", "value": "Las versiones de Zoho ManageEngine ADSelfService Plus inferiores a 6401 son vulnerables al ataque de DOS debido a la consulta LDAP maliciosa."}], "id": "CVE-2024-27310", "lastModified": "2024-11-27T16:25:10.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-27T18:15:09.693", "references": [{"source": "0fc0942c-577d-436f-ae8e-945763c79b02", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html"}], "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-90"}], "source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}