Lucene search
ManageEngineVULNRICHMENT:CVE-2024-36037HistoryMay 27, 2024 - 5:59 p.m.
CVE-2024-36037 Insufficient Access Control Vulnerability
2024-05-2717:59:52
ManageEngine
github.com
zoho
adaudit plus
access control
vulnerability
session recordings
unauthorized users
local agent machine
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "7270",
"status": "affected",
"version": "0",
"versionType": "7270"
}
]
}
]Related
cve
cve
CVE-2024-36037
2024-05-27 18:15:10
nvd
nvd
CVE-2024-36037
2024-05-27 18:15:10
cvelist
cvelist
CVE-2024-36037 Insufficient Access Control Vulnerability
2024-05-27 17:59:52
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for VULNRICHMENT:CVE-2024-36037