Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
Advisories
Source ID Title
EUVD EUVD EUVD-2024-46792 Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 26 Nov 2024 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Zohocorp
Zohocorp manageengine Adaudit Plus
CPEs cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8120:*:*:*:*:*:*
Vendors & Products Zohocorp
Zohocorp manageengine Adaudit Plus

Thu, 24 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Manageengine
Manageengine adaudit Plus
CPEs cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*
Vendors & Products Manageengine
Manageengine adaudit Plus
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 24 Oct 2024 11:45:00 +0000

Type Values Removed Values Added
Description Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
Title SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ManageEngine

Published:

Updated: 2024-10-24T13:55:28.297Z

Reserved: 2024-06-03T19:38:45.832Z

Link: CVE-2024-5608

cve-icon Vulnrichment

Updated: 2024-10-24T13:51:11.459Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-24T12:15:04.070

Modified: 2024-11-26T01:42:21.587

Link: CVE-2024-5608

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.