PT-2025-2604 · Zohocorp · Zoho Manageengine Applications Manager
Maneesh
·
Published
2025-01-29
·
Updated
2025-01-29
·
CVE-2024-41140
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Zohocorp ManageEngine Applications Manager versions 174000 and prior
Description
The issue is related to incorrect authorization in the update user function. This allows for potential unauthorized access or modifications. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.
Recommendations
For versions 174000 and prior, consider disabling the update user function until a patch is available. Restrict access to the update user functionality to minimize the risk of exploitation. Avoid using the update user function in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Applications Manager