CVE-2024-5678

CWE-89 — SQL Injection
6 documents, 5 sources
Severity
4.7 MEDIUM
EPSS
1.5%
top 18.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 1
Latest update: Oct 15

Description

Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to an authenticated, admin-only SQL injection in the Create Monitor feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.2 | Impact: 3.4

Affected Packages: 2 packages

Vulnerability Details (3)

CVEList
SQL Injection (2024-08-01)
GHSA
GHSA-rrc8-qmq6-vv7c: Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monito (2024-08-01)
OSV
openssl vulnerabilities (2024-02-13)

Vendor Advisories (2)

Oracle
Oracle Oracle Analytics Risk Matrix: Analytics Server (OpenSSL) — CVE-2023-5678 (2024-10-15)
Oracle
Oracle Oracle Siebel CRM Risk Matrix: Server Infrastructure (OpenSSL) — CVE-2023-5678 (2024-07-15)
CVE-2024-5678 (MEDIUM CVSS 4.7) | Zohocorp ManageEngine Applications | cvebase.io