ManageEngine ADAudit Plus Vulnerable to Authenticated SQL Injection
CVE-2024-36515

8.8HIGH

Key Information:

Vendor: Manageengine
Status: Adaudit Plus
Vendor: CVE Published:; 23 August 2024

Summary

The vulnerability affects Zohocorp's ManageEngine ADAudit Plus prior to version 8000, where an authenticated SQL injection flaw exists in the dashboard component. This weakness allows authenticated attackers to manipulate SQL queries, potentially leading to unauthorized access or manipulation of data within the application. It is crucial for users to assess their systems and apply necessary patches or updates to mitigate associated risks.

Affected Version(s)

ADAudit Plus 0 < 8000

References

https://www.manageengine.com/products/active-directory-au...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
May 29, 2024

Collectors

NVD DatabaseMitre Database