Executive Risk Summary
"A low-privileged user can perform admin actions due to an authorization vulnerability in ManageEngine PAM360 version 6601. This vulnerability allows unauthorized access to sensitive features, potentially leading to security breaches."
Anticipated Attack Path
1. Initial exploitation of the authorization vulnerability
2. Elevation of privileges to admin level
3. Unauthorized access to sensitive features and data
Am I Vulnerable?
- Verify the version of ManageEngine PAM360
- Check for any suspicious admin activity
- Review audit logs for unauthorized access attempts
Operational Audit Arsenal
- Target Type: Application
- Target Asset: PAM360
- Standard Path: https://www.manageengine.com/privileged-access-management/advisory/cve-2024-27312.html
Manual Verification Required
This is a non-Windows asset (Zohocorp). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required: Unlikely
Minimal, as the patch only affects the PAM360 application
Internal Work Notes
CVE-2024-27312: ManageEngine PAM360 authorization vulnerability allowing low-privileged users to perform admin actions. Apply patch to version 6601 to prevent potential security breaches.
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.