CVE-2024-5467

CWE-89 — SQL Injection CWE-200 — Information Exposure4 documents4 sources

Severity

8.8HIGH

EPSS

0.8%

top 26.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Adaudit Plus Zohocorp Manageengine Adaudit Plus

Timeline

PublishedAug 23

Description

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

▶NVDzohocorp/manageengine_adaudit_plus8.0+1

▶CVEListV5manageengine/adaudit_plus< 8121

🔴Vulnerability Details

GHSA

GHSA-fmxx-4w94-fc85: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report↗2024-08-23

▶

CVEList

SQL Injection↗2024-08-23

▶

GHSA

Withdrawn Advisory: Cluster Monitoring Operator contains a credentials leak↗2024-04-25

▶