CVE-2024-36485

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36485
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.manageengine.com/products/active-directory-audit/cve-2024-36485.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8120:*:*:*:*:*:*
History

07 Nov 2024, 11:15

Type Values Removed Values Added
Summary (en) Zohocorp ManageEngine ADAudit Plus versions 8121 and prior are vulnerable to SQL Injection in Technician reports option. (en) Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

05 Nov 2024, 19:44

Type Values Removed Values Added
References () https://www.manageengine.com/products/active-directory-audit/cve-2024-36485.html - () https://www.manageengine.com/products/active-directory-audit/cve-2024-36485.html - Vendor Advisory
CPE cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8120:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
Summary
  • (es) Las versiones 8121 y anteriores de Zohocorp ManageEngine ADAudit Plus son vulnerables a la inyección SQL en la opción de informes técnicos.
First Time Zohocorp manageengine Adaudit Plus
Zohocorp
CVSS v2 : unknown
v3 : 8.3 		v2 : unknown
v3 : 8.8

04 Nov 2024, 12:16

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-04 12:16

Updated : 2024-11-07 11:15

NVD link : CVE-2024-36485

Mitre link : CVE-2024-36485

CVE.ORG link : CVE-2024-36485

JSON object : View

Products Affected

zohocorp

  • manageengine_adaudit_plus
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')