Lucene search
ManageEngineCVE-2024-36517HistoryAug 23, 2024 - 2:15 p.m.
CVE-2024-36517
2024-08-2314:15:10
CWE-89
ManageEngine
web.nvd.nist.gov
25
manageengine adaudit plus
sql injection
vulnerable
alerts module
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
Low
EPSS
0.001
Percentile
31.8%
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.
Affected configurations
Node
zohocorpmanageengine_adaudit_plusRange<8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_adaudit_plus | * | cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-36517 SQL Injection
2024-08-23 13:34:01
cvelist
cvelist
CVE-2024-36517 SQL Injection
2024-08-23 13:34:01
nvd
nvd
CVE-2024-36517
2024-08-23 14:15:10
nessus
nessus
ManageEngine ADAudit Plus < Build 8000 Multiple Vulnerabilities
2024-08-28 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
Low
EPSS
0.001
Percentile
31.8%
Related for CVE-2024-36517