Skip to main content

Manageengine Applications Manager CVE-2024-41140

HIGH
Incorrect Authorization (CWE-863)
2025-01-29 0fc0942c-577d-436f-ae8e-945763c79b02
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:06 vuln.today
CVE Published
Jan 29, 2025 - 12:15 nvd
HIGH 8.1

DescriptionCVE.org

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.

AnalysisAI

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. Affected products include: Zohocorp Manageengine Applications Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.

CVE-2018-7890 CRITICAL POC
9.8 Mar 08

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). Rated

CVE-2017-16543 CRITICAL POC
9.8 Nov 05

Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated

CVE-2019-11469 CRITICAL POC
9.8 Apr 23

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Rated cri

CVE-2019-11448 CRITICAL POC
9.8 Apr 22

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. Rated critical severity (CVSS 9.8),

CVE-2018-15168 CRITICAL POC
9.8 Aug 08

A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids

CVE-2018-13050 CRITICAL POC
9.8 Jul 02

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_usernam

CVE-2017-16542 HIGH POC
8.8 Nov 05

Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name param

CVE-2019-15105 HIGH POC
8.8 Aug 16

An issue was discovered in Zoho ManageEngine Application Manager through 14.2. Rated high severity (CVSS 8.8), this vuln

CVE-2019-15104 HIGH POC
8.8 Aug 16

An issue was discovered in Zoho ManageEngine OpManager through 12.4x. Rated high severity (CVSS 8.8), this vulnerability

CVE-2017-16851 CRITICAL
9.8 Nov 16

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.

CVE-2017-16850 CRITICAL
9.8 Nov 16

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid pa

CVE-2017-16849 CRITICAL
9.8 Nov 16

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoar

Share

CVE-2024-41140 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy