Manageengine Adaudit Plus vulnerabilities
35 known vulnerabilities affecting manageengine/adaudit_plus.
Total CVEs
35
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH31MEDIUM4
Vulnerabilities
Page 1 of 2
CVE-2025-36527P2HIGHCVSS 8.3fixed in 85112025-05-23
CVE-2025-36527 [HIGH] CWE-89 CVE-2025-36527: Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporti
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.
nvd
CVE-2024-36034P3HIGHCVSS 8.8≤ 80032024-08-12
CVE-2024-36034 [HIGH] CWE-89 CVE-2024-36034: Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.
nvd
CVE-2024-36517P3HIGHCVSS 8.8fixed in 80002024-08-23
CVE-2024-36517 [HIGH] CWE-89 CVE-2024-36517: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.
nvd
CVE-2024-5556P3HIGHCVSS 8.8fixed in 80002024-08-23
CVE-2024-5556 [HIGH] CWE-89 CVE-2024-5556: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.
nvd
CVE-2024-36035P3HIGHCVSS 8.8≤ 80032024-08-12
CVE-2024-36035 [HIGH] CWE-89 CVE-2024-36035: Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
nvd
CVE-2024-5586P3HIGHCVSS 8.8fixed in 80002024-08-23
CVE-2024-5586 [HIGH] CWE-89 CVE-2024-5586: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injec
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.
nvd
CVE-2024-5487P3HIGHCVSS 8.8≤ 81102024-08-12
CVE-2024-5487 [HIGH] CWE-89 CVE-2024-5487: Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.
nvd
CVE-2024-5527P3HIGHCVSS 8.8≤ 81102024-08-12
CVE-2024-5527 [HIGH] CWE-89 CVE-2024-5527: Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.
nvd
CVE-2024-5467P3HIGHCVSS 8.8fixed in 81212024-08-23
CVE-2024-5467 [HIGH] CWE-89 CVE-2024-5467: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injec
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.
nvd
CVE-2024-5490P3HIGHCVSS 8.8fixed in 80002024-08-23
CVE-2024-5490 [HIGH] CWE-89 CVE-2024-5490: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
nvd
CVE-2023-49334P3HIGHCVSS 8.8fixed in 72712024-05-20
CVE-2023-49334 [HIGH] CWE-89 CVE-2023-49334: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summa
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
nvd
CVE-2023-49333P3HIGHCVSS 8.8fixed in 72712024-05-20
CVE-2023-49333 [HIGH] CWE-89 CVE-2023-49333: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph featu
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.
nvd
CVE-2024-0269P3HIGHCVSS 8.8fixed in 72702024-02-02
CVE-2024-0269 [HIGH] CWE-89 CVE-2024-0269: ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.
nvd
CVE-2024-0253P3HIGHCVSS 8.8fixed in 72702024-02-02
CVE-2024-0253 [HIGH] CWE-89 CVE-2024-0253: ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
nvd
CVE-2024-36515P3HIGHCVSS 8.8fixed in 80002024-08-23
CVE-2024-36515 [HIGH] CWE-89 CVE-2024-36515: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.
Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.
nvd
CVE-2025-3836P3HIGHCVSS 8.3fixed in 85112025-05-22
CVE-2025-3836 [HIGH] CWE-89 CVE-2025-3836: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.
nvd
CVE-2023-49335P3HIGHCVSS 8.8fixed in 72712024-05-20
CVE-2023-49335 [HIGH] CWE-89 CVE-2023-49335: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server de
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.
nvd
CVE-2023-49331P3HIGHCVSS 8.8fixed in 72712024-05-20
CVE-2023-49331 [HIGH] CWE-89 CVE-2023-49331: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports sea
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
nvd
CVE-2023-49330P3HIGHCVSS 8.8fixed in 72712024-05-20
CVE-2023-49330 [HIGH] CWE-89 CVE-2023-49330: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate repo
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
nvd
CVE-2024-36514P3HIGHCVSS 8.8fixed in 80002024-08-23
CVE-2024-36514 [HIGH] CWE-89 CVE-2024-36514: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
nvd
1 / 2Next →