Zohocorp ADAudit Plus Vulnerable to SQL Injection in Technician Reports
CVE-2024-5608

8.1HIGH

Key Information:

Vendor: Manageengine
Status: Adaudit Plus
Vendor: CVE Published:; 24 October 2024

Summary

ManageEngine ADAudit Plus, developed by Zohocorp, is susceptible to a SQL Injection vulnerability located within its technician reports feature. This flaw permits attackers to manipulate SQL queries by injecting malicious code, potentially leading to unauthorized access to sensitive data, data corruption, and overall system disruption. Users with versions below 8121 should prioritize upgrades to mitigate risks associated with this vulnerability and ensure the integrity of their auditing processes.

Affected Version(s)

ADAudit Plus 0 < 8121

References

https://www.manageengine.com/products/active-directory-au...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 24, 2024
Vulnerability Reserved
Jun 3, 2024

Collectors

NVD DatabaseMitre Database