Lucene search
ManageEngineCVELIST:CVE-2024-36516HistoryAug 23, 2024 - 1:36 p.m.
CVE-2024-36516 SQL Injection
2024-08-2313:36:05
CWE-89
ManageEngine
www.cve.org
2
zohocorp
adaudit plus
version 8000
authenticated
sql injection
dashboard
vulnerability
CVSS3
8.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS
0.001
Percentile
31.8%
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.
Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus’ dashboard.
CNA Affected
[
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
]Related
cve
cve
CVE-2024-36516
2024-08-23 14:15:10
CVE-2024-36515
2024-08-23 14:15:10
nvd
nvd
CVE-2024-36516
2024-08-23 14:15:10
CVE-2024-36515
2024-08-23 14:15:10
cvelist
cvelist
CVE-2024-36515 SQL Injection
2024-08-23 13:37:02
vulnrichment
vulnrichment
CVE-2024-36516 SQL Injection
2024-08-23 13:36:05
CVE-2024-36515 SQL Injection
2024-08-23 13:37:02
nessus
nessus
ManageEngine ADAudit Plus < Build 8000 Multiple Vulnerabilities
2024-08-28 00:00:00
CVSS3
8.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS
0.001
Percentile
31.8%
Related for CVELIST:CVE-2024-36516