CVE-2024-36034

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 16, 2024
CWE ID 89

Summary

CVE-2024-36034 is a newly disclosed vulnerability affecting Zohocorp's ManageEngine ADAudit Plus. Versions below 8.003 are at risk, as they contain an authenticated SQL injection flaw in the aggregate reports' search option. An attacker can exploit this vulnerability by manipulating input in the search field, allowing them to execute malicious SQL queries and potentially gain unauthorized access to sensitive data. This issue could lead to data theft or privilege escalation. It is recommended that affected organizations upgrade to a patched version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • ADAudit Plus

Affected Vendors

  • Zoho Corporation