CVE-2024-36515
published 2024-08-23CVE-2024-36515: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different…
PriorityP357high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
4.50%
90.3th percentile
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.
Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | adaudit_plus | < 8000 | 8000 |
| zohocorp | manageengine_adaudit_plus | < 8.0 | 8.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h7p8-gjr9-rp7c: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard
ghsa_unreviewed·2024-08-23·CVSS 8.3
CVE-2024-36515 [HIGH] CWE-89 GHSA-h7p8-gjr9-rp7c: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.
Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.
GHSA
GHSA-338f-rfqj-8jxw: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard
ghsa_unreviewed·2024-08-23·CVSS 8.3
CVE-2024-36516 [HIGH] CWE-89 GHSA-338f-rfqj-8jxw: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.
Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-08-23
Published