SQL Injection in ADAudit Plus
CVE-2024-21791

7.2HIGH

Key Information:

Vendor: Manageengine
Status: Adaudit Plus
Vendor: CVE Published:; 22 May 2024

🔔 Create Manageengine Vulnerability Alert

What is CVE-2024-21791?

A SQL Injection vulnerability has been identified in the lockout history feature of Zoho ManageEngine ADAudit Plus, impacting versions prior to 7271. While the flaw is not accessible to non-admin users, it is crucial for organizations to be aware of the potential risks associated with this issue, as it could allow unauthorized actions within the application context if exploited by an attacker with sufficient privileges.

Affected Version(s)

ADAudit Plus Windows 0 < 7271

References

https://www.manageengine.com/products/active-directory-au...

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2024