CVE-2023-50785

CWE-22 — Path Traversal3 documents3 sources

Severity

2.7LOW

EPSS

0.5%

top 32.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Adaudit Plus

Timeline

PublishedJan 25

Description

Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages1 packages

▶NVDzohocorp/manageengine_adaudit_plus7.2

🔴Vulnerability Details

CVEList

CVE-2023-50785: Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal↗2024-01-25

▶

GHSA

GHSA-hx7j-w75q-79h5: Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal↗2024-01-25

▶