ManageEngine ADAudit Plus vulnerabilities

36 known vulnerabilities affecting manageengine/adaudit_plus.

Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 32, MEDIUM 4

Vulnerabilities

Page 2 of 2
CVE-2024-36034 | HIGH | CVSS 8.8 | ≤ 8003 | 2024-08-12
CVE-2024-36034 [HIGH] CWE-89: Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.
cvelistv5, nvd
CVE-2024-5527 | HIGH | CVSS 8.8 | ≤ 8110 | 2024-08-12
CVE-2024-5527 [HIGH] CWE-89: Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.
cvelistv5, nvd
CVE-2024-36035 | HIGH | CVSS 8.8 | ≤ 8003 | 2024-08-12
CVE-2024-36035 [HIGH] CWE-89: Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
cvelistv5, nvd
CVE-2024-36518 | MEDIUM | CVSS 5.4 | ≤ 8110 | 2024-08-12
CVE-2024-36518 [MEDIUM] CWE-89: Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.
cvelistv5, nvd
CVE-2024-36036 | MEDIUM | CVSS 4.2 | fixed in 7270 | 2024-05-27
CVE-2024-36036 [MEDIUM] CWE-862: Zoho ManageEngine ADAudit Plus versions 7260 and below allow unauthorized local agent machine users to access sensitive information and modify the agent configuration.
cvelistv5, nvd
CVE-2024-36037 | MEDIUM | CVSS 5.5 | fixed in 7270 | 2024-05-27
CVE-2024-36037 [MEDIUM] CWE-863: Zoho ManageEngine ADAudit Plus versions 7260 and below allow unauthorized local agent machine users to view the session recordings.
cvelistv5, nvd
CVE-2024-21791 | HIGH | CVSS 7.2 | fixed in 7271 | 2024-05-22
CVE-2024-21791 [HIGH] CWE-89: Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.
cvelistv5, nvd
CVE-2023-49335 | HIGH | CVSS 8.8 | fixed in 7271 | 2024-05-20
CVE-2023-49335 [HIGH] CWE-89: Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server details.
cvelistv5, nvd
CVE-2023-49334 | HIGH | CVSS 8.8 | fixed in 7271 | 2024-05-20
CVE-2023-49334 [HIGH] CWE-89: Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL Injection while exporting a full summary report.
cvelistv5, nvd
CVE-2023-49332 | HIGH | CVSS 8.8 | fixed in 7271 | 2024-05-20
CVE-2023-49332 [HIGH] CWE-89: Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file shares.
cvelistv5, nvd
CVE-2023-49331 | HIGH | CVSS 8.8 | fixed in 7271 | 2024-05-20
CVE-2023-49331 [HIGH] CWE-89: Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search option.
cvelistv5, nvd
CVE-2023-49330 | HIGH | CVSS 8.8 | fixed in 7271 | 2024-05-20
CVE-2023-49330 [HIGH] CWE-89: Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL Injection while getting aggregate report data.
cvelistv5, nvd
CVE-2023-49333 | HIGH | CVSS 8.8 | fixed in 7271 | 2024-05-20
CVE-2023-49333 [HIGH] CWE-89: Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph feature.
cvelistv5, nvd
CVE-2024-0269 | HIGH | CVSS 8.8 | fixed in 7270 | 2024-02-02
CVE-2024-0269 [HIGH] CWE-89: ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.
cvelistv5, nvd
CVE-2024-0253 | HIGH | CVSS 8.8 | fixed in 7270 | 2024-02-02
CVE-2024-0253 [HIGH] CWE-89: ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
cvelistv5, nvd
CVE-2010-2049 | MEDIUM | CVSS 4.3 | v4.0.0 | 2010-05-25
CVE-2010-2049 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd