Lucene search
0fc0942c-577d-436f-ae8e-945763c79b02NVD:CVE-2024-36515HistoryAug 23, 2024 - 2:15 p.m.
CVE-2024-36515
2024-08-2314:15:10
CWE-89
0fc0942c-577d-436f-ae8e-945763c79b02
web.nvd.nist.gov
3
zohocorp
manageengine
adaudit plus
authenticated sql injection
dashboard
cve-2024-36515
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
31.8%
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.
Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus’ dashboard.
Affected configurations
Node
zohocorpmanageengine_adaudit_plusRange<8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_adaudit_plus | * | cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2024-36516 SQL Injection
2024-08-23 13:36:05
CVE-2024-36515 SQL Injection
2024-08-23 13:37:02
cve
cve
CVE-2024-36516
2024-08-23 14:15:10
CVE-2024-36515
2024-08-23 14:15:10
nvd
nvd
CVE-2024-36516
2024-08-23 14:15:10
vulnrichment
vulnrichment
CVE-2024-36515 SQL Injection
2024-08-23 13:37:02
CVE-2024-36516 SQL Injection
2024-08-23 13:36:05
nessus
nessus
ManageEngine ADAudit Plus < Build 8000 Multiple Vulnerabilities
2024-08-28 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
31.8%
Related for NVD:CVE-2024-36515