Manageengine Adaudit Plus vulnerabilities

CVE-2025-41444 [HIGH] CWE-89 CVE-2025-41444: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.

CVE-2025-36528 [HIGH] CWE-89 CVE-2025-36528: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.

CVE-2025-27709 [HIGH] CWE-89 CVE-2025-27709: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.

CVE-2025-36527 [HIGH] CWE-89 CVE-2025-36527: Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporti Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.

CVE-2025-41407 [HIGH] CWE-89 CVE-2025-41407: Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU His Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.

CVE-2025-41403 [HIGH] CWE-89 CVE-2025-41403: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.

CVE-2025-3836 [HIGH] CWE-89 CVE-2025-3836: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.

CVE-2025-3834 [HIGH] CWE-89 CVE-2025-3834: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.

CVE-2024-49574 [HIGH] CWE-89 CVE-2024-49574: Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the report Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

CVE-2024-36485 [HIGH] CWE-89 CVE-2024-36485: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

CVE-2024-5608 [HIGH] CWE-89 CVE-2024-5608: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the techni Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.

CVE-2024-5586 [HIGH] CWE-89 CVE-2024-5586: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.

CVE-2024-5490 [HIGH] CWE-89 CVE-2024-5490: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.

CVE-2024-5556 [HIGH] CWE-89 CVE-2024-5556: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.

CVE-2024-36517 [HIGH] CWE-89 CVE-2024-36517: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.

CVE-2024-5467 [HIGH] CWE-89 CVE-2024-5467: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.

CVE-2024-36514 [HIGH] CWE-89 CVE-2024-36514: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.

CVE-2024-36516 [HIGH] CWE-89 SQL Injection SQL Injection Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.

CVE-2024-36515 [HIGH] CWE-89 CVE-2024-36515: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.

CVE-2024-5487 [HIGH] CWE-89 CVE-2024-5487: Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.