CVE-2024-41140

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jan 29, 2025

CWE ID 863

Summary

CVE-2024-41140 is a newly disclosed vulnerability affecting Zohocorp's ManageEngine Applications Manager. Versions 174000 and prior contain a flaw in the update user function, which grants incorrect authorization to unauthenticated users. An attacker can exploit this vulnerability to gain elevated privileges, potentially leading to unauthorized access to sensitive data or system functions. This issue poses a significant risk to organizations that have not yet applied the necessary security patches. It is recommended that users upgrade to the latest version of ManageEngine Applications Manager to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xC4my4
https://www.cve.org/CVERecord?id=CVE-2024-41140
https://nvd.nist.gov/vuln/detail/CVE-2024-41140

Back to Vulnerability Database

CVE-2024-41140

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations