CVE-2024-5466

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5466
Zohocorp ManageEngine OpManager andĀ Remote Monitoring and Management versionsĀ 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.manageengine.com/itom/advisory/cve-2024-5466.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128186:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128187:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128186:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128187:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128186:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128187:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management_central:-:*:*:*:*:*:*:*
History

19 Dec 2024, 20:21

Type Values Removed Values Added
First Time Zohocorp manageengine Remote Monitoring And Management Central
CPE cpe:2.3:a:zoho:manageengine_remote_monitoring_and_management:-:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management_central:-:*:*:*:*:*:*:*
Information

Published : 2024-08-23 14:15

Updated : 2024-12-19 20:21

NVD link : CVE-2024-5466

Mitre link : CVE-2024-5466

CVE.ORG link : CVE-2024-5466

JSON object : View

Products Affected

zohocorp

  • manageengine_opmanager_msp
  • manageengine_remote_monitoring_and_management_central
  • manageengine_opmanager
  • manageengine_opmanager_plus
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')