Authorization Vulnerability - CVE-2024-27312

Severity : High

CVE ID : CVE-2024-27312

Details :
An authorization vulnerability was discovered in PAM360 by the internal security team. We have fixed this issue, and the vulnerability no longer exists in the fixed version.

Product Name : PAM360
Affected Version(s) : 6600
Fixed Version(s) : 6601
Fixed On : 10th April, 2024

(Please note that this vulnerability applies only to those who installed or upgraded to version 6600 on or before 10th April, 2024.)

SHA256 values of affected builds and PPM files:

ManageEngine_PAM360_6500_6501_6510_6520_6530_6540_6541_to_6600.ppm - 0da3e9813571b2e267b6538ac29901ca267990f5af54c951e03ce84d13107411

ManageEngine_PAM360_64bit.bin - 604e4b0abf11820d810d7d66c71ed2e7341dab4c0ff4299234b72e00b45021c0

ManageEngine_PAM360_64bit.exe - 8f11f3ff195ade249d394008aa7c30a4cb2cfcff80ebc8c011175ea218b3d77a

ManageEngine_PAM360_MSP_64bit.bin - d4d617144121714f3e023ace6054242dbabce52b229025eb86d58706b64b26c0

ManageEngine_PAM360_MSP_64bit.exe - 78f25fc9289d90be5caab682dbf4a7c6f728f384586664ed15e3a13b10581632

ManageEngine_PasswordManager_Pro_12410_to_6600.ppm - 34be2ba6348c1472fd58bd0edca82e081bb539eac114384e768a885f9ed03634
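
The following Python script is an added example, not ManageEngine's own tooling. It parses entries in the "file name - SHA256" form used above and reports the files in a directory whose content hash is listed. The function names and the sample entries in demo() are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One advisory entry per line: "<file name> - <64 hex digit SHA256>"
ENTRY = re.compile(r"^\s*(\S+)\s+-\s+([0-9a-fA-F]{64})\s*$")


def parse_affected(text):
    """Map lowercase SHA256 -> file name for every well-formed entry."""
    affected = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            affected[m.group(2).lower()] = m.group(1)
    return affected


def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(directory, affected):
    """Return (path, advisory name) for files whose content hash is listed.

    Matching is on the hash only: a renamed copy is still reported, and a
    file that merely shares a listed name is not.
    """
    hits = []
    for path in sorted(Path(directory).rglob("*")):
        if path.is_file():
            name = affected.get(sha256_file(path))
            if name:
                hits.append((path, name))
    return hits


def demo():
    """Constructed sample: two stand-in files, one of them 'listed'."""
    with tempfile.TemporaryDirectory() as d:
        listed = Path(d, "renamed_installer.bin")
        listed.write_bytes(b"constructed stand-in for an affected build")
        Path(d, "sample_upgrade.ppm").write_bytes(b"constructed unlisted content")
        text = f"sample_installer.bin - {sha256_file(listed)}\nsample_upgrade.ppm - not-a-hash\n"
        return [(p.name, n) for p, n in scan(d, parse_affected(text))]
```

To use it, pass the six entries of the list above to parse_affected() and point scan() at the folder holding your downloaded installers and upgrade packs.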

Impact :
This vulnerability can allow non-admin users to perform privileged operations by sending crafted requests to the PAM360 server.

Given the severity of this vulnerability, customers are strongly advised to upgrade to the latest build of PAM360 immediately.

Steps to Upgrade:

Please contact product support at the email address below for further details:

PAM360: pam360-support@manageengine.com