CVE-2024-0252: 
Zoho ManageEngine ADSelfService Plus vulnerability analysis and mitigation

ManageEngine ADSelfService Plus versions 6401 and below contain a remote code execution vulnerability (CVE-2024-0252) in the load balancer component. The vulnerability affects all ADSelfService Plus installations, regardless of load balancer configurations, and requires authentication to exploit (Vendor Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-94 (Improper Control of Generation of Code) and involves improper handling in the load balancer component (NVD).

When successfully exploited, an authenticated user can execute remote code on the machine where ADSelfService Plus is installed, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (Vendor Advisory).

ManageEngine has released build 6402 on January 10, 2024, which implements restrictions on the communication processes in the load balancer component and restricts domain users from accessing load balancer APIs. Users are advised to update their ADSelfService Plus instance to build 6402 using the service pack (Vendor Advisory).