CVE-2024-36485

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.5%

top 33.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Adaudit Plus Zohocorp Manageengine Adaudit Plus

Timeline

PublishedNov 4

Description

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

▶NVDzohocorp/manageengine_adaudit_plus< 8.1+1

▶CVEListV5manageengine/adaudit_plus< 8121

🔴Vulnerability Details

CVEList

SQL Injection↗2024-11-04

▶

GHSA

GHSA-g7rx-xjjw-j9xq: Zohocorp ManageEngine ADAudit Plus versions 8121 and prior are vulnerable to SQL Injection in Technician reports option↗2024-11-04

▶