Severity: Medium
CVE ID: CVE-2024-12686
Affected Software Version(s): DDI Central Node Agent builds below 4001
Fixed Version: Build 4002
Fixed on: May 6, 2024
Details:
ManageEngine DDI Node Agent build number 4001 had a medium-severity vulnerability in which a user with administrative privileges could execute commands on Node Agent servers. The vulnerability was fixed by validating every user input both on the web interface and at the backend server.
Impact:
This flaw allowed attackers to delete any product file(s) from the product installation directory and also from other directories on the installed server.
Acknowledgements:
This issue was reported by Zewei Zhang from NSFOCUS TIANJI Lab.