Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
70 vulnerabilities found for ADAudit Plus by ManageEngine
CVE-2025-41444 (GCVE-0-2025-41444)
Vulnerability from cvelistv5 – Published: 2025-06-09 11:14 – Updated: 2025-06-09 13:05
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(5722)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:05:25.285513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:05:30.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "5722"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T11:14:58.186Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-41444.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-41444",
"datePublished": "2025-06-09T11:14:58.186Z",
"dateReserved": "2025-04-21T07:24:59.758Z",
"dateUpdated": "2025-06-09T13:05:30.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36528 (GCVE-0-2025-36528)
Vulnerability from cvelistv5 – Published: 2025-06-09 11:12 – Updated: 2025-06-09 13:05
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(5722)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:05:44.149702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:05:48.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "5722"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eService Account Auditing reports.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T11:12:14.531Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-36528.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-36528",
"datePublished": "2025-06-09T11:12:14.531Z",
"dateReserved": "2025-04-21T07:24:59.749Z",
"dateUpdated": "2025-06-09T13:05:48.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27709 (GCVE-0-2025-27709)
Vulnerability from cvelistv5 – Published: 2025-06-09 11:04 – Updated: 2025-06-09 15:39
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(5722)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:28:45.447424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:39:11.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "5722"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eService Account Auditing reports\u003c/span\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T11:04:38.114Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-27709.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-27709",
"datePublished": "2025-06-09T11:04:38.114Z",
"dateReserved": "2025-04-21T07:24:59.742Z",
"dateUpdated": "2025-06-09T15:39:11.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41407 (GCVE-0-2025-41407)
Vulnerability from cvelistv5 – Published: 2025-05-23 10:29 – Updated: 2025-05-23 11:57
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(6514)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T11:57:03.143446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T11:57:14.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "6514"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eZohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOU History report.\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the\u00a0OU History report."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T10:29:58.652Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-41407",
"datePublished": "2025-05-23T10:29:58.652Z",
"dateReserved": "2025-04-21T07:24:59.763Z",
"dateUpdated": "2025-05-23T11:57:14.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36527 (GCVE-0-2025-36527)
Vulnerability from cvelistv5 – Published: 2025-05-23 10:28 – Updated: 2025-05-23 12:05
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(6514)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T12:00:08.629589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T12:05:28.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "6514"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine\u0026nbsp;ADAudit Plus versions below 8511 are vulnerable to SQL injection while\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexporting reports.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine\u00a0ADAudit Plus versions below 8511 are vulnerable to SQL injection while\u00a0exporting reports."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T10:28:24.153Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-36527",
"datePublished": "2025-05-23T10:28:24.153Z",
"dateReserved": "2025-04-21T07:31:12.859Z",
"dateUpdated": "2025-05-23T12:05:28.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41403 (GCVE-0-2025-41403)
Vulnerability from cvelistv5 – Published: 2025-05-22 10:39 – Updated: 2025-05-22 18:13
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(6514)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:08:11.914322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:13:43.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "6514"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T10:39:59.813Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-41403.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-41403",
"datePublished": "2025-05-22T10:39:59.813Z",
"dateReserved": "2025-04-21T07:24:59.732Z",
"dateUpdated": "2025-05-22T18:13:43.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3836 (GCVE-0-2025-3836)
Vulnerability from cvelistv5 – Published: 2025-05-22 10:38 – Updated: 2025-05-22 18:21
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(6514)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:18:09.405296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:21:44.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "6514"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T10:38:26.473Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-3836.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-3836",
"datePublished": "2025-05-22T10:38:26.473Z",
"dateReserved": "2025-04-21T07:24:24.884Z",
"dateUpdated": "2025-05-22T18:21:44.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3834 (GCVE-0-2025-3834)
Vulnerability from cvelistv5 – Published: 2025-05-14 11:05 – Updated: 2025-05-14 13:28
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.
Severity ?
8.1 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(6514)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T13:28:36.501976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T13:28:48.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "6514"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine\u0026nbsp;ADAudit Plus versions\u0026nbsp;8510\u0026nbsp;and prior are vulnerable to authenticated SQL injection in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOU History report\u003c/span\u003e."
}
],
"value": "Zohocorp ManageEngine\u00a0ADAudit Plus versions\u00a08510\u00a0and prior are vulnerable to authenticated SQL injection in the\u00a0OU History report."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T11:05:34.690Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-3834.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-3834",
"datePublished": "2025-05-14T11:05:34.690Z",
"dateReserved": "2025-04-21T07:14:18.488Z",
"dateUpdated": "2025-05-14T13:28:48.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49574 (GCVE-0-2024-49574)
Vulnerability from cvelistv5 – Published: 2024-11-18 07:55 – Updated: 2024-11-26 14:45
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8123
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "manageengine_adaudit_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "8123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T13:41:12.438869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:45:29.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/?pos=ADAudit",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8123",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe reports module.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in\u00a0the reports module."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T07:55:13.332Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-49574",
"datePublished": "2024-11-18T07:55:13.332Z",
"dateReserved": "2024-11-07T11:25:31.882Z",
"dateUpdated": "2024-11-26T14:45:29.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36485 (GCVE-0-2024-36485)
Vulnerability from cvelistv5 – Published: 2024-11-04 11:13 – Updated: 2024-11-07 11:02
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8121
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "manageengine_adaudit_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "8121",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T15:16:51.310358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T15:18:52.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/?pos=ADAudit",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8121",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTechnician reports option.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in\u00a0Technician reports option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T11:02:05.293Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36485.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-36485",
"datePublished": "2024-11-04T11:13:02.838Z",
"dateReserved": "2024-07-16T07:03:21.727Z",
"dateUpdated": "2024-11-07T11:02:05.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5608 (GCVE-0-2024-5608)
Vulnerability from cvelistv5 – Published: 2024-10-24 11:42 – Updated: 2024-10-24 13:55
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8121
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaudit_plus",
"vendor": "manageengine",
"versions": [
{
"lessThan": "5121",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T13:49:43.999082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T13:55:28.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8121",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature."
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T11:42:44.789Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5608.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-5608",
"datePublished": "2024-10-24T11:42:44.789Z",
"dateReserved": "2024-06-03T19:38:45.832Z",
"dateUpdated": "2024-10-24T13:55:28.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5586 (GCVE-0-2024-5586)
Vulnerability from cvelistv5 – Published: 2024-08-23 13:54 – Updated: 2024-08-23 14:40
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8000
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaudit_plus",
"vendor": "manageengine",
"versions": [
{
"lessThan": "8121",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T14:39:32.302109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:40:48.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine\u0026nbsp;ADAudit Plus versions below\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8121\u003c/span\u003e are vulnerable to the authenticated SQL injection in\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003extranet lockouts report\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;option\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08121 are vulnerable to the authenticated SQL injection in\u00a0extranet lockouts report\u00a0option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T13:54:53.458Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5586.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-5586",
"datePublished": "2024-08-23T13:54:53.458Z",
"dateReserved": "2024-06-01T06:18:55.183Z",
"dateUpdated": "2024-08-23T14:40:48.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5556 (GCVE-0-2024-5556)
Vulnerability from cvelistv5 – Published: 2024-08-23 13:52 – Updated: 2024-08-23 14:41
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8000
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaudit_plus",
"vendor": "manageengine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T14:41:09.115425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:41:47.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine\u0026nbsp;ADAudit Plus versions below\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8000\u003c/span\u003e are vulnerable to the authenticated SQL injection in\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;reports\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in\u00a0reports\u00a0module."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T13:52:28.522Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5556.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-5556",
"datePublished": "2024-08-23T13:52:28.522Z",
"dateReserved": "2024-05-31T04:04:41.315Z",
"dateUpdated": "2024-08-23T14:41:47.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5490 (GCVE-0-2024-5490)
Vulnerability from cvelistv5 – Published: 2024-08-23 13:44 – Updated: 2024-08-23 14:43
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8000
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaudit_plus",
"vendor": "manageengine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T14:42:11.658128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:43:05.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine\u0026nbsp;ADAudit Plus versions below\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8000\u003c/span\u003e are vulnerable to the authenticated SQL injection in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eaggregate reports\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e option\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in aggregate reports option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T13:44:08.468Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5490.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-5490",
"datePublished": "2024-08-23T13:44:08.468Z",
"dateReserved": "2024-05-29T20:15:14.657Z",
"dateUpdated": "2024-08-23T14:43:05.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36514 (GCVE-0-2024-36514)
Vulnerability from cvelistv5 – Published: 2024-08-23 13:37 – Updated: 2024-08-23 14:44
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8000
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaudit_plus",
"vendor": "manageengine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T14:43:24.547564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:44:02.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine\u0026nbsp;ADAudit Plus versions below\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8000\u003c/span\u003e are vulnerable to the authenticated SQL injection in f\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eile summary option\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in file summary option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T13:38:16.382Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36514.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-36514",
"datePublished": "2024-08-23T13:37:56.318Z",
"dateReserved": "2024-05-29T19:31:31.769Z",
"dateUpdated": "2024-08-23T14:44:02.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41444 (GCVE-0-2025-41444)
Vulnerability from nvd – Published: 2025-06-09 11:14 – Updated: 2025-06-09 13:05
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(5722)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:05:25.285513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:05:30.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "5722"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T11:14:58.186Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-41444.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-41444",
"datePublished": "2025-06-09T11:14:58.186Z",
"dateReserved": "2025-04-21T07:24:59.758Z",
"dateUpdated": "2025-06-09T13:05:30.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36528 (GCVE-0-2025-36528)
Vulnerability from nvd – Published: 2025-06-09 11:12 – Updated: 2025-06-09 13:05
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(5722)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:05:44.149702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:05:48.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "5722"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eService Account Auditing reports.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T11:12:14.531Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-36528.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-36528",
"datePublished": "2025-06-09T11:12:14.531Z",
"dateReserved": "2025-04-21T07:24:59.749Z",
"dateUpdated": "2025-06-09T13:05:48.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27709 (GCVE-0-2025-27709)
Vulnerability from nvd – Published: 2025-06-09 11:04 – Updated: 2025-06-09 15:39
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(5722)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:28:45.447424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:39:11.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "5722"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eService Account Auditing reports\u003c/span\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T11:04:38.114Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-27709.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-27709",
"datePublished": "2025-06-09T11:04:38.114Z",
"dateReserved": "2025-04-21T07:24:59.742Z",
"dateUpdated": "2025-06-09T15:39:11.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41407 (GCVE-0-2025-41407)
Vulnerability from nvd – Published: 2025-05-23 10:29 – Updated: 2025-05-23 11:57
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(6514)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T11:57:03.143446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T11:57:14.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "6514"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eZohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOU History report.\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the\u00a0OU History report."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T10:29:58.652Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-41407",
"datePublished": "2025-05-23T10:29:58.652Z",
"dateReserved": "2025-04-21T07:24:59.763Z",
"dateUpdated": "2025-05-23T11:57:14.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36527 (GCVE-0-2025-36527)
Vulnerability from nvd – Published: 2025-05-23 10:28 – Updated: 2025-05-23 12:05
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(6514)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T12:00:08.629589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T12:05:28.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "6514"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine\u0026nbsp;ADAudit Plus versions below 8511 are vulnerable to SQL injection while\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexporting reports.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine\u00a0ADAudit Plus versions below 8511 are vulnerable to SQL injection while\u00a0exporting reports."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T10:28:24.153Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-36527",
"datePublished": "2025-05-23T10:28:24.153Z",
"dateReserved": "2025-04-21T07:31:12.859Z",
"dateUpdated": "2025-05-23T12:05:28.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41403 (GCVE-0-2025-41403)
Vulnerability from nvd – Published: 2025-05-22 10:39 – Updated: 2025-05-22 18:13
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(6514)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:08:11.914322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:13:43.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "6514"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T10:39:59.813Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-41403.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-41403",
"datePublished": "2025-05-22T10:39:59.813Z",
"dateReserved": "2025-04-21T07:24:59.732Z",
"dateUpdated": "2025-05-22T18:13:43.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3836 (GCVE-0-2025-3836)
Vulnerability from nvd – Published: 2025-05-22 10:38 – Updated: 2025-05-22 18:21
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(6514)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:18:09.405296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:21:44.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "6514"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T10:38:26.473Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-3836.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-3836",
"datePublished": "2025-05-22T10:38:26.473Z",
"dateReserved": "2025-04-21T07:24:24.884Z",
"dateUpdated": "2025-05-22T18:21:44.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3834 (GCVE-0-2025-3834)
Vulnerability from nvd – Published: 2025-05-14 11:05 – Updated: 2025-05-14 13:28
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.
Severity ?
8.1 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8511
(6514)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T13:28:36.501976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T13:28:48.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8511",
"status": "affected",
"version": "0",
"versionType": "6514"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine\u0026nbsp;ADAudit Plus versions\u0026nbsp;8510\u0026nbsp;and prior are vulnerable to authenticated SQL injection in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOU History report\u003c/span\u003e."
}
],
"value": "Zohocorp ManageEngine\u00a0ADAudit Plus versions\u00a08510\u00a0and prior are vulnerable to authenticated SQL injection in the\u00a0OU History report."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T11:05:34.690Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2025-3834.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-3834",
"datePublished": "2025-05-14T11:05:34.690Z",
"dateReserved": "2025-04-21T07:14:18.488Z",
"dateUpdated": "2025-05-14T13:28:48.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49574 (GCVE-0-2024-49574)
Vulnerability from nvd – Published: 2024-11-18 07:55 – Updated: 2024-11-26 14:45
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8123
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "manageengine_adaudit_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "8123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T13:41:12.438869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:45:29.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/?pos=ADAudit",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8123",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe reports module.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in\u00a0the reports module."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T07:55:13.332Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-49574",
"datePublished": "2024-11-18T07:55:13.332Z",
"dateReserved": "2024-11-07T11:25:31.882Z",
"dateUpdated": "2024-11-26T14:45:29.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36485 (GCVE-0-2024-36485)
Vulnerability from nvd – Published: 2024-11-04 11:13 – Updated: 2024-11-07 11:02
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8121
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "manageengine_adaudit_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "8121",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T15:16:51.310358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T15:18:52.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/?pos=ADAudit",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8121",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTechnician reports option.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in\u00a0Technician reports option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T11:02:05.293Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36485.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-36485",
"datePublished": "2024-11-04T11:13:02.838Z",
"dateReserved": "2024-07-16T07:03:21.727Z",
"dateUpdated": "2024-11-07T11:02:05.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5608 (GCVE-0-2024-5608)
Vulnerability from nvd – Published: 2024-10-24 11:42 – Updated: 2024-10-24 13:55
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8121
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaudit_plus",
"vendor": "manageengine",
"versions": [
{
"lessThan": "5121",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T13:49:43.999082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T13:55:28.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8121",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature."
}
],
"value": "Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T11:42:44.789Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5608.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-5608",
"datePublished": "2024-10-24T11:42:44.789Z",
"dateReserved": "2024-06-03T19:38:45.832Z",
"dateUpdated": "2024-10-24T13:55:28.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5586 (GCVE-0-2024-5586)
Vulnerability from nvd – Published: 2024-08-23 13:54 – Updated: 2024-08-23 14:40
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8000
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaudit_plus",
"vendor": "manageengine",
"versions": [
{
"lessThan": "8121",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T14:39:32.302109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:40:48.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine\u0026nbsp;ADAudit Plus versions below\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8121\u003c/span\u003e are vulnerable to the authenticated SQL injection in\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003extranet lockouts report\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;option\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08121 are vulnerable to the authenticated SQL injection in\u00a0extranet lockouts report\u00a0option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T13:54:53.458Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5586.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-5586",
"datePublished": "2024-08-23T13:54:53.458Z",
"dateReserved": "2024-06-01T06:18:55.183Z",
"dateUpdated": "2024-08-23T14:40:48.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5556 (GCVE-0-2024-5556)
Vulnerability from nvd – Published: 2024-08-23 13:52 – Updated: 2024-08-23 14:41
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8000
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaudit_plus",
"vendor": "manageengine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T14:41:09.115425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:41:47.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine\u0026nbsp;ADAudit Plus versions below\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8000\u003c/span\u003e are vulnerable to the authenticated SQL injection in\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;reports\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in\u00a0reports\u00a0module."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T13:52:28.522Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5556.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-5556",
"datePublished": "2024-08-23T13:52:28.522Z",
"dateReserved": "2024-05-31T04:04:41.315Z",
"dateUpdated": "2024-08-23T14:41:47.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5490 (GCVE-0-2024-5490)
Vulnerability from nvd – Published: 2024-08-23 13:44 – Updated: 2024-08-23 14:43
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8000
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaudit_plus",
"vendor": "manageengine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T14:42:11.658128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:43:05.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine\u0026nbsp;ADAudit Plus versions below\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8000\u003c/span\u003e are vulnerable to the authenticated SQL injection in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eaggregate reports\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e option\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in aggregate reports option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T13:44:08.468Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5490.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-5490",
"datePublished": "2024-08-23T13:44:08.468Z",
"dateReserved": "2024-05-29T20:15:14.657Z",
"dateUpdated": "2024-08-23T14:43:05.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36514 (GCVE-0-2024-36514)
Vulnerability from nvd – Published: 2024-08-23 13:37 – Updated: 2024-08-23 14:44
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
Severity ?
8.3 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADAudit Plus |
Affected:
0 , < 8000
(8121)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaudit_plus",
"vendor": "manageengine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T14:43:24.547564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:44:02.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/active-directory-audit/",
"defaultStatus": "unaffected",
"product": "ADAudit Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "8000",
"status": "affected",
"version": "0",
"versionType": "8121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp\u0026nbsp;ManageEngine\u0026nbsp;ADAudit Plus versions below\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8000\u003c/span\u003e are vulnerable to the authenticated SQL injection in f\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eile summary option\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in file summary option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T13:38:16.382Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36514.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-36514",
"datePublished": "2024-08-23T13:37:56.318Z",
"dateReserved": "2024-05-29T19:31:31.769Z",
"dateUpdated": "2024-08-23T14:44:02.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}