CVE-2024-0252 HIGH

CVE-2024-0252: Remote code execution

Vendor Manageengine
Product ADSelfService Plus
Weakness CWE-94 · Code injection
Published January 11, 2024
Last update June 17, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.

Key dates

02Disclosure timeline

January 11, 2024 CVE published
June 17, 2025 Record updated