What the vulnerability does
01Description
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.
CVSS base score
8.1/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Key dates
02Disclosure timeline
January 29, 2025
CVE published
February 12, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-9228 Insufficient authorization when creating notes
CVE-2024-42062 Apache CloudStack: User Key Exposure to Domain Admins
CVE-2018-8790
CVE-2025-15322 Tanium addressed an improper access controls vulnerability in Tanium Server.
CVE-2020-15126 Information disclosure through Viewer query in parse-server
