Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_adaudit_plus
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 36 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-23 | CVE-2024-5556 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. | Manageengine_adaudit_plus | 8.8 | ||
| 2024-08-23 | CVE-2024-5586 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. | Manageengine_adaudit_plus | 8.8 | ||
| 2024-08-12 | CVE-2024-36034 | Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option. | Manageengine_adaudit_plus | 8.8 | ||
| 2024-08-12 | CVE-2024-36035 | Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. | Manageengine_adaudit_plus | 8.8 | ||
| 2024-08-12 | CVE-2024-5487 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. | Manageengine_adaudit_plus | 8.8 | ||
| 2024-08-12 | CVE-2024-5527 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. | Manageengine_adaudit_plus | 8.8 | ||
| 2020-05-08 | CVE-2020-11532 | Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user. | Manageengine_adaudit_plus, Manageengine_datasecurity_plus | 9.8 | ||
| 2018-12-13 | CVE-2018-19118 | Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | Manageengine_adaudit_plus | 7.5 | ||
| 2020-05-08 | CVE-2020-11531 | The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal. | Manageengine_adaudit_plus, Manageengine_datasecurity_plus | N/A | ||
| 2018-05-29 | CVE-2018-10466 | Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. | Manageengine_adaudit_plus | 9.8 |