CVE-2024-5586

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
1.2%
top 20.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Manageengine Adaudit PlusZohocorp Manageengine Adaudit Plus
Timeline
PublishedAug 23

Description

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

CVEListV5manageengine/adaudit_plus< 8000

🔴Vulnerability Details

2
GHSA
GHSA-rpp5-g56w-xpgh: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option2024-08-23
CVEList
SQL Injection2024-08-23
CVE-2024-5586 (HIGH CVSS 8.8) | Zohocorp ManageEngine ADAudit Plus | cvebase.io