CVE-2024-36036 — Missing Authorization in Adaudit Plus

CWE-862 — Missing Authorization2 documents2 sources

Severity

4.2MEDIUMNVD

EPSS

0.1%

top 69.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Adaudit Plus Zohocorp Manageengine Adaudit Plus

Timeline

PublishedMay 27

Description

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 1.1 | Impact: 2.7

Affected Packages2 packages

▶NVDzohocorp/manageengine_adaudit_plus< 7.2+1

▶CVEListV5manageengine/adaudit_plus< 7270

🔴Vulnerability Details

CVEList

Insufficient Access Control Vulnerability↗2024-05-27

▶