Zohocorp ADAudit Plus Versions Below 8000 Vulnerable to Authenticated SQL Injection
CVE-2024-36516

8.8HIGH

Key Information:

Vendor: Manageengine
Status: Adaudit Plus
Vendor: CVE Published:; 23 August 2024

Summary

The vulnerability allows an authenticated user to perform a SQL injection attack against the dashboard of the affected versions of ManageEngine ADAudit Plus. This flaw enables attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive information or database compromise. Users of ADAudit Plus versions prior to 8000 are advised to apply patches or updates to mitigate these risks promptly.

Affected Version(s)

ADAudit Plus 0 < 8000

References

https://www.manageengine.com/products/active-directory-au...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
May 29, 2024

Collectors

NVD DatabaseMitre Database