CVE-2024-5678
Published 2024-08-01
CVE-2024-5678: Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
Priority P4 · 30 · medium · 4.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS: 2.55% (83.1th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | applications_manager | < 170900 | 170900 |
| openssl | openssl | >= 0 < 1.0.2g-1ubuntu4.20+esm11 | 1.0.2g-1ubuntu4.20+esm11 |
| openssl | openssl | >= 0 < 1.1.1-1ubuntu2.1~18.04.23+esm4 | 1.1.1-1ubuntu2.1~18.04.23+esm4 |
| zohocorp | manageengine_applications_manager | < 16.8 | 16.8 |
| zohocorp | manageengine_applications_manager | — | — |
| zohocorp | manageengine_applications_manager | — | — |
CVSS provenance
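| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
| osv | — | 5.3 | MEDIUM | — |
| vendor_oracle | — | 5.3 | MEDIUM | — |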
GHSA
GHSA-rrc8-qmq6-vv7c: Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monito
ghsa_unreviewed·2024-08-01
CVE-2024-5678 [MEDIUM] CWE-89 GHSA-rrc8-qmq6-vv7c: Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monito
Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
OSV
openssl vulnerabilities
osv·2024-02-13·CVSS 5.3
CVE-2023-5678 openssl vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled excessively long
X9.42 DH keys. A remote attacker could possibly use this issue to cause
OpenSSL to consume resources, leading to a denial of service.
(CVE-2023-5678)
Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed
PKCS12 files. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727)
Oracle
Oracle Oracle Analytics Risk Matrix: Analytics Server (OpenSSL) — CVE-2023-5678
vendor_oracle·2024-10-15·CVSS 5.3
CVE-2023-5678 [MEDIUM] Oracle Oracle Analytics Risk Matrix: Analytics Server (OpenSSL) — CVE-2023-5678
Oracle Oracle Analytics Risk Matrix: Analytics Server (OpenSSL) vulnerability
CVE: CVE-2023-5678
CVSS: 5.3
Protocol: TLS
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2024 (OCT 2024)
Oracle
Oracle Oracle Siebel CRM Risk Matrix: Server Infrastructure (OpenSSL) — CVE-2023-5678
vendor_oracle·2024-07-15·CVSS 5.3
CVE-2023-5678 [MEDIUM] Oracle Oracle Siebel CRM Risk Matrix: Server Infrastructure (OpenSSL) — CVE-2023-5678
Oracle Oracle Siebel CRM Risk Matrix: Server Infrastructure (OpenSSL) vulnerability
CVE: CVE-2023-5678
CVSS: 5.3
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2024 (JUL 2024)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-08-01