Zohocorp ManageEngine ADAudit Plus vulnerable to SQL injection
CVE-2024-36517

8.8HIGH

Key Information:

Vendor: Manageengine
Status: Adaudit Plus
Vendor: CVE Published:; 23 August 2024

Summary

An authenticated SQL injection vulnerability exists in the alerts module of ManageEngine ADAudit Plus, affecting versions below 8000. This security flaw can allow unauthorized users to manipulate SQL queries, potentially leading to data exposure or manipulation. Organizations using affected versions should take immediate steps to update their software to safeguard against potential attacks and ensure the integrity of their data.

Affected Version(s)

ADAudit Plus 0 < 8000

References

https://www.manageengine.com/products/active-directory-au...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
May 29, 2024