CVE-2023-49334
Published 2024-05-20
CVE-2023-49334: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
Priority: P358 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.00% (85.7th percentile)
Affected
28 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | adaudit_plus | < 7271 | 7271 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm64 | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm64 | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm64 | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm64 | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-x64 | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-x64 | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-x64 | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-x64 | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.osx-arm64 | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.osx-arm64 | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.osx-x64 | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.osx-x64 | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.win-arm | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.win-arm | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.win-arm64 | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.win-arm64 | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.win-x64 | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.win-x64 | >= 7.0.0 < 7.0.9 | 7.0.9 |
| microsoft | microsoft.aspnetcore.app.runtime.win-x86 | >= 0 < 6.0.20 | 6.0.20 |
| microsoft | microsoft.aspnetcore.app.runtime.win-x86 | >= 7.0.0 < 7.0.9 | 7.0.9 |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ghsa · 8.1 · HIGH
GHSA
GHSA-5vcp-m87w-9x8h: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report
ghsa_unreviewed·2024-05-20
CVE-2023-49334 [HIGH] CWE-89 GHSA-5vcp-m87w-9x8h: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
GHSA
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
ghsa·2023-07-11·CVSS 8.1
CVE-2023-33170 [HIGH] CWE-362 Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
# Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
## Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A vulnerability exists in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords.
## Discussion
Discussion for this issue can be found at https://github.com/dotnet/aspnetcore/issues/49334
### Mitigation factors
Microsoft has not identified any mitigating facto
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.