cbcvebase.

Zohocorp Manageengine Adaudit Plus vulnerabilities

53 known vulnerabilities affecting zohocorp/manageengine_adaudit_plus.

Total CVEs
53
CISA KEV
1
actively exploited
Public exploits
5
Exploited in wild
2
Severity breakdown
CRITICAL9HIGH38MEDIUM5LOW1

Vulnerabilities

Page 2 of 3
CVE-2024-5490P3HIGHCVSS 8.8fixed in 8.02024-08-23
CVE-2024-5490 [HIGH] CWE-89 CVE-2024-5490: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
nvd
CVE-2023-49334P3HIGHCVSS 8.8fixed in 7.2v7.22024-05-20
CVE-2023-49334 [HIGH] CWE-89 CVE-2023-49334: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summa Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
nvd
CVE-2023-49333P3HIGHCVSS 8.8fixed in 7.2v7.22024-05-20
CVE-2023-49333 [HIGH] CWE-89 CVE-2023-49333: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph featu Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.
nvd
CVE-2024-0269P3HIGHCVSS 8.8fixed in 7.2v7.22024-02-02
CVE-2024-0269 [HIGH] CWE-89 CVE-2024-0269: ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.
nvd
CVE-2024-0253P3HIGHCVSS 8.8fixed in 7.2v7.22024-02-02
CVE-2024-0253 [HIGH] CWE-89 CVE-2024-0253: ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
nvd
CVE-2024-36515P3HIGHCVSS 8.8fixed in 8.02024-08-23
CVE-2024-36515 [HIGH] CWE-89 CVE-2024-36515: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.
nvd
CVE-2025-3836P3HIGHCVSS 8.3fixed in 8.5v8.52025-05-22
CVE-2025-3836 [HIGH] CWE-89 CVE-2025-3836: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.
nvd
CVE-2023-49335P3HIGHCVSS 8.8fixed in 7.2v7.22024-05-20
CVE-2023-49335 [HIGH] CWE-89 CVE-2023-49335: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server de Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.
nvd
CVE-2023-49331P3HIGHCVSS 8.8fixed in 7.2v7.22024-05-20
CVE-2023-49331 [HIGH] CWE-89 CVE-2023-49331: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports sea Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
nvd
CVE-2023-49330P3HIGHCVSS 8.8fixed in 7.2v7.22024-05-20
CVE-2023-49330 [HIGH] CWE-89 CVE-2023-49330: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate repo Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
nvd
CVE-2024-36516P3HIGHCVSS 8.8fixed in 8.02024-08-23
CVE-2024-36516 [HIGH] CVE-2024-36516: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.
nvd
CVE-2024-36514P3HIGHCVSS 8.8fixed in 8.02024-08-23
CVE-2024-36514 [HIGH] CWE-89 CVE-2024-36514: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
nvd
CVE-2023-49332P3HIGHCVSS 8.8fixed in 7.2v7.22024-05-20
CVE-2023-49332 [HIGH] CWE-89 CVE-2023-49332: Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.
nvd
CVE-2024-49574P3HIGHCVSS 8.8fixed in 8.1v8.12024-11-18
CVE-2024-49574 [HIGH] CWE-89 CVE-2024-49574: Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the report Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
nvd
CVE-2024-36485P3HIGHCVSS 8.8fixed in 8.1v8.12024-11-04
CVE-2024-36485 [HIGH] CWE-89 CVE-2024-36485: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
nvd
CVE-2025-41444P3HIGHCVSS 8.3fixed in 8.5v8.52025-06-09
CVE-2025-41444 [HIGH] CWE-89 CVE-2025-41444: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
nvd
CVE-2025-41403P3HIGHCVSS 8.3fixed in 8.5v8.52025-05-22
CVE-2025-41403 [HIGH] CWE-89 CVE-2025-41403: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.
nvd
CVE-2025-41407P3HIGHCVSS 8.3fixed in 8.5v8.52025-05-23
CVE-2025-41407 [HIGH] CWE-89 CVE-2025-41407: Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU His Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
nvd
CVE-2025-36528P3HIGHCVSS 8.3fixed in 8.5v8.52025-06-09
CVE-2025-36528 [HIGH] CWE-89 CVE-2025-36528: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
nvd
CVE-2025-27709P3HIGHCVSS 8.3fixed in 8.5v8.52025-06-09
CVE-2025-27709 [HIGH] CWE-89 CVE-2025-27709: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injec Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
nvd
Zohocorp Manageengine Adaudit Plus vulnerabilities | cvebase