Zoho ManageEngine ADAudit Plus Vulnerability: SQL Injection in Aggregate Reports Search Option
CVE-2023-49331

8.3HIGH

Key Information:

Vendor: Manageengine
Status: Adaudit Plus
Vendor: CVE Published:; 20 May 2024

Summary

A vulnerability has been identified in certain versions of Zoho ManageEngine ADAudit Plus, specifically those prior to version 7271. This flaw allows for SQL injection attacks via the aggregate reports search functionality, potentially enabling unauthorized access to sensitive data. Exploitation of this vulnerability could lead to manipulation of the underlying database, affecting the integrity and confidentiality of the information held within the affected application.

Affected Version(s)

ADAudit Plus 0 < 7271

References

https://www.manageengine.com/products/active-directory-au...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 20, 2024
Vulnerability Reserved
Nov 27, 2023

Collectors

NVD DatabaseMitre Database