Denial of Service Vulnerability in Zoho ManageEngine ADAudit
CVE-2018-19118

7.5HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Adaudit Plus
Vendor: CVE Published:; 13 December 2018

What is CVE-2018-19118?

A stack-based buffer overflow vulnerability in Zoho ManageEngine ADAudit prior to version 5.1 build 5120 allows remote attackers to crash the application by exploiting the 'Domain Name' field when adding a new domain. This can result in a denial of service, impacting the availability of the application.

References

https://www.manageengine.com/products/active-directory-au...

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2018
Vulnerability Reserved
Nov 8, 2018

Zohocorp

What is CVE-2018-19118?

References

EPSS Score

CVSS V3.1

Timeline