CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5467 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5467
23 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5467.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36034 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36034
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option. Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option. • https://www.manageengine.com/products/active-directory-audit/sqlfix-8003.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36035 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36035
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. • https://www.manageengine.com/products/active-directory-audit/sqlfix-8003.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36518 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36518
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36518.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5487 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5487
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5487.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5527 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5527
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5527.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36037 – Insufficient Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2024-36037
27 May 2024 — Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. Zoho ManageEngine ADAudit Plus versiones 7260 e inferiores permiten que los usuarios no autorizados de la máquina del agente local vean las grabaciones de la sesión. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36037.html • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49335
https://notcve.org/view.php?id=CVE-2023-49335
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL mientras se obtienen detalles del servidor de archivos. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49334
https://notcve.org/view.php?id=CVE-2023-49334
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL mientras se exporta un informe resumido completo. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49333
https://notcve.org/view.php?id=CVE-2023-49333
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL en la función de gráfico del panel. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •