Lucene search
0fc0942c-577d-436f-ae8e-945763c79b02NVD:CVE-2024-5678HistoryAug 01, 2024 - 7:15 a.m.
CVE-2024-5678
2024-08-0107:15:03
CWE-89
0fc0942c-577d-436f-ae8e-945763c79b02
web.nvd.nist.gov
5
cve-2024-5678
zohocorp
manageengine
applications manager
sql injection
create monitor
authenticated
admin-only
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS
0.003
Percentile
71.2%
Zohocorp ManageEngine Applications Manager versionsΒ 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
Affected configurations
Node
zohocorpmanageengine_applications_managerRange<16.8
ORzohocorpmanageengine_applications_managerMatch16.8-
ORzohocorpmanageengine_applications_managerMatch16.8build16800
ORzohocorpmanageengine_applications_managerMatch16.8build16810
ORzohocorpmanageengine_applications_managerMatch16.8build16820
ORzohocorpmanageengine_applications_managerMatch16.8build16830
ORzohocorpmanageengine_applications_managerMatch16.8build16840
ORzohocorpmanageengine_applications_managerMatch16.8build16841
ORzohocorpmanageengine_applications_managerMatch16.8build16842
ORzohocorpmanageengine_applications_managerMatch16.8build16843
ORzohocorpmanageengine_applications_managerMatch17.0-
ORzohocorpmanageengine_applications_managerMatch17.0build170000
ORzohocorpmanageengine_applications_managerMatch17.0build170001
ORzohocorpmanageengine_applications_managerMatch17.0build170100
ORzohocorpmanageengine_applications_managerMatch17.0build170200
ORzohocorpmanageengine_applications_managerMatch17.0build170300
ORzohocorpmanageengine_applications_managerMatch17.0build170400
ORzohocorpmanageengine_applications_managerMatch17.0build170500
ORzohocorpmanageengine_applications_managerMatch17.0build170600
ORzohocorpmanageengine_applications_managerMatch17.0build170700
ORzohocorpmanageengine_applications_managerMatch17.0build170800
ORzohocorpmanageengine_applications_managerMatch17.0build170900
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_applications_manager | * | cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.8 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:-:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.8 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16800:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.8 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16810:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.8 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16820:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.8 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16830:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.8 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16840:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.8 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16841:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.8 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16842:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.8 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16843:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2024-5678 SQL Injection
2024-08-01 06:54:25
vulnrichment
vulnrichment
CVE-2024-5678 SQL Injection
2024-08-01 06:54:25
cve
cve
CVE-2024-5678
2024-08-01 07:15:03
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS
0.003
Percentile
71.2%
Related for NVD:CVE-2024-5678