Zoho ManageEngine ADAudit Plus Vulnerability Allows SQL Injection
CVE-2023-49335

8.8HIGH

Key Information:

Vendor: Manageengine
Status: Adaudit Plus
Vendor: CVE Published:; 20 May 2024

🔔 Create Manageengine Vulnerability Alert

What is CVE-2023-49335?

A vulnerability exists in Zoho ManageEngine ADAudit Plus that permits SQL injection when retrieving file server details. The flaw impacts versions prior to 7271, enabling potential attackers to exploit this weakness to access sensitive data. If unaddressed, such vulnerabilities can lead to unauthorized access, data breaches, and a compromise of system integrity.

Affected Version(s)

ADAudit Plus 0 < 7271

References

https://www.manageengine.com/products/active-directory-au...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2024
Vulnerability Reserved
Nov 27, 2023