What is CVE-2024-27312?

CVE-2024-27312 is a high-severity vulnerability in Manageengine Pam360, classified under Incorrect Authorization. CVSS score: 8.1/10. Published 2024-05-20.

How severe is CVE-2024-27312?

High severity. CVSS v3 base score is 8.1 out of 10.

Auth bypass in Manageengine Pam360

CVE-2024-27312

Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are appli…

Vulnerability class: Broken Access Control

EPSS: 0.009 (54.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Manageengine Pam360 — versions 6601
Zohocorp Manageengine_pam360 — versions 6.6

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

0fc0942c-577d-436f-ae8e-945763c79b02 (Vendor Advisory)

Frequently asked questions

What is CVE-2024-27312?: CVE-2024-27312 is a high-severity vulnerability in Manageengine Pam360, classified under Incorrect Authorization. CVSS score: 8.1/10. Published 2024-05-20.
How severe is CVE-2024-27312?: High severity. CVSS v3 base score is 8.1 out of 10.