cbcvebase.
CVE-2024-5678
published 2024-08-01

CVE-2024-5678: Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to an authenticated, admin-only SQL injection in the Create Monitor feature.

Priority: P4 | 30 | medium | 4.7 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:U / C:L / I:L / A:L
EPSS: 2.55% (83.1th percentile)

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | applications_manager | < 170900 | 170900 |
| openssl | openssl | >= 0 < 1.0.2g-1ubuntu4.20+esm11 | 1.0.2g-1ubuntu4.20+esm11 |
| openssl | openssl | >= 0 < 1.1.1-1ubuntu2.1~18.04.23+esm4 | 1.1.1-1ubuntu2.1~18.04.23+esm4 |
| zohocorp | manageengine_applications_manager | < 16.8 | 16.8 |
| zohocorp | manageengine_applications_manager | | |
| zohocorp | manageengine_applications_manager | | |

CVSS provenance

nvd | v3.1 | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
osv | 5.3 | MEDIUM
vendor_oracle | 5.3 | MEDIUM