CVE-2024-36515

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGH

EPSS

1.2%

top 20.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Adaudit Plus Zohocorp Manageengine Adaudit Plus

Timeline

PublishedAug 23

Description

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

▶NVDzohocorp/manageengine_adaudit_plus< 8.0

▶CVEListV5manageengine/adaudit_plus< 8000

🔴Vulnerability Details

GHSA

GHSA-h7p8-gjr9-rp7c: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard↗2024-08-23

▶

CVEList

SQL Injection↗2024-08-23

▶