Lucene search

MitreCVE-2023-48793

HistoryFeb 02, 2024 - 2:15 a.m.

CVE-2023-48793

2024-02-0202:15:16

CWE-89

mitre

web.nvd.nist.gov

zoho

manageengine

adaudit

plus

7250

sql

injection

aggregate

report

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.064

Percentile

93.8%

JSON

Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.

Affected configurations

Nvd

Node

zohocorpmanageengine_adaudit_plusRange<7.2

zohocorpmanageengine_adaudit_plusMatch7.27200

zohocorpmanageengine_adaudit_plusMatch7.27201

zohocorpmanageengine_adaudit_plusMatch7.27202

zohocorpmanageengine_adaudit_plusMatch7.27203

zohocorpmanageengine_adaudit_plusMatch7.27210

zohocorpmanageengine_adaudit_plusMatch7.27211

zohocorpmanageengine_adaudit_plusMatch7.27212

zohocorpmanageengine_adaudit_plusMatch7.27213

zohocorpmanageengine_adaudit_plusMatch7.27215

zohocorpmanageengine_adaudit_plusMatch7.27220

zohocorpmanageengine_adaudit_plusMatch7.27250

zohocorpmanageengine_adaudit_plusMatch7.27251

zohocorpmanageengine_adaudit_plusMatch7.27260

zohocorpmanageengine_adaudit_plusMatch7.27270

VendorProductVersionCPE
zohocorpmanageengine_adaudit_plus*cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.2cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.2cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.2cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.2cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.2cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.2cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.2cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.2cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.2cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_adaudit_plus	*	cpe:2.3:a:zohocorp:manageengine_adaudit_plus::::::::
zohocorp	manageengine_adaudit_plus	7.2	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200::::::
zohocorp	manageengine_adaudit_plus	7.2	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201::::::
zohocorp	manageengine_adaudit_plus	7.2	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202::::::
zohocorp	manageengine_adaudit_plus	7.2	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203::::::
zohocorp	manageengine_adaudit_plus	7.2	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210::::::
zohocorp	manageengine_adaudit_plus	7.2	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211::::::
zohocorp	manageengine_adaudit_plus	7.2	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212::::::
zohocorp	manageengine_adaudit_plus	7.2	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213::::::
zohocorp	manageengine_adaudit_plus	7.2	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215::::::

Rows per page:

1-10 of 151

References

manageengine.com

www.manageengine.com/products/active-directory-audit/sqlfix-7271.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.064

Percentile

93.8%

JSON

Related for CVE-2023-48793