CVE-2024-5466

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5466
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.manageengine.com/itom/advisory/cve-2024-5466.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoho:manageengine_remote_monitoring_and_management:-:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128186:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128187:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128186:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128187:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128186:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128187:*:*:*:*:*:*
History

27 Aug 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Zohocorp ManageEngine OpManager y Remote Monitoring and Management versiones 128329 e inferiores son vulnerables a la ejecución remota de código autenticado en la opción de implementación del agente.
CPE cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128187:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128186:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128187:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128186:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.8:build128186:*:*:*:*:*:*
cpe:2.3:a:zoho:manageengine_remote_monitoring_and_management:-:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128187:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.8:build128104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128104:*:*:*:*:*:*
References () https://www.manageengine.com/itom/advisory/cve-2024-5466.html - () https://www.manageengine.com/itom/advisory/cve-2024-5466.html - Vendor Advisory
First Time Zohocorp manageengine Opmanager Plus
Zoho manageengine Remote Monitoring And Management
Zohocorp manageengine Opmanager Msp
Zohocorp manageengine Opmanager
Zoho
Zohocorp

23 Aug 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-23 14:15

Updated : 2024-08-27 13:32

NVD link : CVE-2024-5466

Mitre link : CVE-2024-5466

CVE.ORG link : CVE-2024-5466

JSON object : View

Products Affected

zohocorp

  • manageengine_opmanager_plus
  • manageengine_opmanager
  • manageengine_opmanager_msp

zoho

  • manageengine_remote_monitoring_and_management
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')