Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-49331

Summary
Assigner-ManageEngine
Assigner Org ID-0fc0942c-577d-436f-ae8e-945763c79b02
Published At-20 May, 2024 | 17:35
Updated At-02 Aug, 2024 | 21:53
Rejected At-
Credits

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ManageEngine
Assigner Org ID:0fc0942c-577d-436f-ae8e-945763c79b02
Published At:20 May, 2024 | 17:35
Updated At:02 Aug, 2024 | 21:53
Rejected At:
▼CVE Numbering Authority (CNA)

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.

Affected Products
Vendor
ManageEngine (Zoho Corporation Pvt. Ltd.)ManageEngine
Product
ADAudit Plus
Default Status
unaffected
Versions
Affected
  • From 0 before 7271 (7271)
Metrics
VersionBase scoreBase severityVector
3.18.3HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Version: 3.1
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html
N/A
Hyperlink: https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
ManageEngine (Zoho Corporation Pvt. Ltd.)manageengine
Product
adaudit_plus
CPEs
  • cpe:2.3:a:manageengine:adaudit_plus:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 7271 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html
x_transferred
Hyperlink: https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:0fc0942c-577d-436f-ae8e-945763c79b02
Published At:20 May, 2024 | 18:15
Updated At:09 May, 2025 | 13:27

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.3HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>Versions before 7.2(exclusive)
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7220:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7250:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7251:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7260:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>7.2
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7270:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-89
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html0fc0942c-577d-436f-ae8e-945763c79b02
Vendor Advisory
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html
Source: 0fc0942c-577d-436f-ae8e-945763c79b02
Resource:
Vendor Advisory
Hyperlink: https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1902Records found
CVE-2024-21775
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.62% / 69.21%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 14:35
Updated-26 Nov, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusexchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0269
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.66% / 70.25%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 13:05
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0253
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.66% / 70.25%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 12:50
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49330
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.29% / 51.62%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 12:19
Updated-12 May, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49335
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:55
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49332
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.15% / 36.79%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:45
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49334
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.15% / 36.79%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:55
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-41444
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.07% / 23.14%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 11:14
Updated-16 Jun, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-41407
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.03% / 5.75%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 10:29
Updated-16 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-41403
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.07% / 23.14%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 10:39
Updated-16 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-3836
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.07% / 23.14%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 10:38
Updated-16 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-36528
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.07% / 23.14%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 11:12
Updated-16 Jun, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-36527
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.03% / 5.75%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 10:28
Updated-16 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-27709
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.07% / 23.14%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 11:04
Updated-16 Jun, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9459
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-1.29% / 78.85%
||
7 Day CHG+0.25%
Published-05 Nov, 2024 | 05:44
Updated-06 Nov, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusmanageengine_exchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6748
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.45% / 62.70%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 16:20
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-OpManagermanageengine_opmanager_mspmanageengine_opmanagermanageengine_opmanager_rmmmanageengine_opmanager_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5546
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.16% / 88.22%
||
7 Day CHG+1.05%
Published-28 Aug, 2024 | 08:44
Updated-19 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_password_manager_promanageengine_pam360Password Manager ProPAM360pam360password_manager_pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5586
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:54
Updated-27 Aug, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5527
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.22%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 05:31
Updated-16 Aug, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5556
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:52
Updated-27 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5490
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:44
Updated-27 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5487
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.22%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:04
Updated-16 Aug, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5608
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.42% / 61.16%
||
7 Day CHG+0.06%
Published-24 Oct, 2024 | 11:42
Updated-26 Nov, 2024 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-49574
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.81% / 73.29%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 07:55
Updated-26 Nov, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusmanageengine_adaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27908
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-4.22% / 88.29%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 12:17
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_opmanagern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49333
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.15% / 36.79%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:51
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-28679
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-4.72% / 88.96%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 17:47
Updated-04 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-27733
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.22%
||
7 Day CHG~0.00%
Published-19 Jan, 2021 | 15:53
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-16267
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 78.99%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 19:02
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-15927
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 78.99%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 18:56
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-19650
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.39% / 91.35%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 17:40
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38872
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.22%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 17:30
Updated-11 Sep, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusexchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36516
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:36
Updated-27 Aug, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36035
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:19
Updated-16 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35765
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.56%
||
7 Day CHG~0.00%
Published-05 Feb, 2021 | 08:55
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-48878
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.88% / 74.41%
||
7 Day CHG+0.07%
Published-04 Nov, 2024 | 10:56
Updated-05 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusADManager Plusmanageengine_admanager_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6204
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.78% / 72.64%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 17:10
Updated-19 Sep, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection

Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusmanageengine_exchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5467
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:28
Updated-27 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38871
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.22%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 17:29
Updated-11 Sep, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusexchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36517
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:34
Updated-27 Aug, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36485
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.88% / 74.41%
||
7 Day CHG+0.07%
Published-04 Nov, 2024 | 11:13
Updated-07 Nov, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusmanageengine_adaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36514
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:37
Updated-27 Aug, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36518
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.59% / 87.29%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:13
Updated-21 Nov, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36034
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:23
Updated-16 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36515
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:37
Updated-27 Aug, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-27311
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.39%
||
7 Day CHG-0.15%
Published-17 Jul, 2024 | 10:52
Updated-02 Aug, 2024 | 00:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file writing

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_ddi_centralDDI Central
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-24409
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.8||HIGH
EPSS-2.65% / 85.15%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 08:01
Updated-13 Nov, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation

Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusADManager Plusmanageengine_admanager_plus
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-37741
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.41% / 89.75%
||
7 Day CHG~0.00%
Published-21 Sep, 2021 | 12:56
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0252
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.8||HIGH
EPSS-42.87% / 97.39%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 07:57
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.ManageEngine (Zoho Corporation Pvt. Ltd.)
Product-manageengine_adselfservice_plusADSelfService Plus
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-4769
Matching Score-8
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-8
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.6||MEDIUM
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 10:55
Updated-05 Sep, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery in ManageEngine Desktop Central

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_desktop_centralDesktop Centraldesktop_central
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 38
  • 39
  • Next
Details not found