ManageEngine ADAudit Plus vulnerabilities
35 known vulnerabilities affecting manageengine/adaudit_plus.
Total CVEs: 35
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 31, MEDIUM 4
Vulnerabilities
Page 2 of 2
CVE-2023-49332 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 7271 | 2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file shares.
nvd
CVE-2024-49574 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 8123 | 2024-11-18
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
nvd
CVE-2024-36485 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 8121 | 2024-11-04
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
nvd
CVE-2025-41444 | P3 | HIGH | CVSS 8.3 | CWE-89 | fixed in 8511 | 2025-06-09
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
nvd
CVE-2025-41403 | P3 | HIGH | CVSS 8.3 | CWE-89 | fixed in 8511 | 2025-05-22
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.
nvd
CVE-2025-41407 | P3 | HIGH | CVSS 8.3 | CWE-89 | fixed in 8511 | 2025-05-23
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
nvd
CVE-2025-36528 | P3 | HIGH | CVSS 8.3 | CWE-89 | fixed in 8511 | 2025-06-09
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
nvd
CVE-2025-27709 | P3 | HIGH | CVSS 8.3 | CWE-89 | fixed in 8511 | 2025-06-09
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
nvd
CVE-2025-3834 | P3 | HIGH | CVSS 8.1 | CWE-89 | fixed in 8511 | 2025-05-14
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.
nvd
CVE-2024-5608 | P3 | HIGH | CVSS 8.1 | CWE-89 | fixed in 8121 | 2024-10-24
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
nvd
CVE-2024-21791 | P3 | HIGH | CVSS 7.2 | CWE-89 | fixed in 7271 | 2024-05-22
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL Injection in lockout history option.
Note: Non-admin users cannot exploit this vulnerability.
nvd
CVE-2024-36518 | P3 | MEDIUM | CVSS 5.4 | CWE-89 | ≤ 8110 | 2024-08-12
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.
nvd
CVE-2024-36037 | P4 | MEDIUM | CVSS 5.5 | CWE-863 | fixed in 7270 | 2024-05-27
Zoho ManageEngine ADAudit Plus versions 7260 and below allow unauthorized local agent machine users to view the session recordings.
nvd
CVE-2024-36036 | P4 | MEDIUM | CVSS 4.2 | CWE-862 | fixed in 7270 | 2024-05-27
Zoho ManageEngine ADAudit Plus versions 7260 and below allow unauthorized local agent machine users to access sensitive information and modify the agent configuration.
nvd
CVE-2010-2049 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v4.0.0 | 2010-05-25
Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd