CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-36035 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36035
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. • https://www.manageengine.com/products/active-directory-audit/sqlfix-8003.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 1%CPEs: 1EXPL: 0CVE-2024-36518 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36518
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36518.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2024-5487 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5487
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5487.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2024-5527 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5527
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5527.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36037 – Insufficient Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2024-36037
27 May 2024 — Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. Zoho ManageEngine ADAudit Plus versiones 7260 e inferiores permiten que los usuarios no autorizados de la máquina del agente local vean las grabaciones de la sesión. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36037.html • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49335
https://notcve.org/view.php?id=CVE-2023-49335
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL mientras se obtienen detalles del servidor de archivos. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49334
https://notcve.org/view.php?id=CVE-2023-49334
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL mientras se exporta un informe resumido completo. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49333
https://notcve.org/view.php?id=CVE-2023-49333
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL en la función de gráfico del panel. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49332
https://notcve.org/view.php?id=CVE-2023-49332
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL al agregar archivos compartidos. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49331
https://notcve.org/view.php?id=CVE-2023-49331
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL en la opción de búsqueda de informes agregados. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •