Authenticated SQL Injection Vulnerability in ManageEngine ADAudit Plus Below Version 8000
CVE-2024-36514

8.8HIGH

Key Information:

Vendor: Manageengine
Status: Adaudit Plus
Vendor: CVE Published:; 23 August 2024

Summary

The vulnerability affects Zohocorp's ManageEngine ADAudit Plus versions earlier than 8000, enabling an authenticated SQL injection through the file summary option. This flaw permits attackers to manipulate SQL queries, potentially leading to unauthorized access and exposure of sensitive data. Ensuring that systems are updated to the latest version is recommended to mitigate this risk and enhance overall security.

Affected Version(s)

ADAudit Plus 0 < 8000

References

https://www.manageengine.com/products/active-directory-au...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
May 29, 2024