Lucene search
ManageEngineCVE-2024-36514HistoryAug 23, 2024 - 2:15 p.m.
CVE-2024-36514
2024-08-2314:15:09
CWE-89
ManageEngine
web.nvd.nist.gov
24
zohocorp
manageengine
adaudit plus
sql injection
file summary
risk
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
Low
EPSS
0.001
Percentile
31.8%
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
Affected configurations
Node
zohocorpmanageengine_adaudit_plusRange<8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_adaudit_plus | * | cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
]Related
cvelist
cvelist
CVE-2024-36514 SQL Injection
2024-08-23 13:37:56
nvd
nvd
CVE-2024-36514
2024-08-23 14:15:09
vulnrichment
vulnrichment
CVE-2024-36514 SQL Injection
2024-08-23 13:37:56
nessus
nessus
ManageEngine ADAudit Plus < Build 8000 Multiple Vulnerabilities
2024-08-28 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
Low
EPSS
0.001
Percentile
31.8%
Related for CVE-2024-36514