CVE-2024-5467
published 2024-08-23
CVE-2024-5467: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.
Priority: P358 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.52% (90.3th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | openshift_cluster-monitoring-operator | 0 – 0.1.1 | — |
| manageengine | adaudit_plus | < 8121 | 8121 |
| zohocorp | manageengine_adaudit_plus | <= 8.0 | — |
| zohocorp | manageengine_adaudit_plus | — | — |
GHSA
GHSA-fmxx-4w94-fc85: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report
ghsa_unreviewed·2024-08-23
CVE-2024-5467 [HIGH] CWE-89 GHSA-fmxx-4w94-fc85: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report
GHSA
Withdrawn Advisory: Cluster Monitoring Operator contains a credentials leak
ghsa·2024-04-25
CVE-2024-1139 [HIGH] CWE-200 Withdrawn Advisory: Cluster Monitoring Operator contains a credentials leak
# Withdrawn Advisory
This advisory has been withdrawn because the vulnerability does not affect a package in the Go registry. For more information, see the discussion [here](https://github.com/github/advisory-database/pull/5467#issuecomment-2812187822). This link is maintained to preserve external references.
# Original Description
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-08-23