Adaudit Plus
by Manageengine
CVEs (41)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-28219 | 0.11 | — | 0.97 | Apr 5, 2022 | Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | |||
| CVE-2025-36527 | 0.01 | — | 0.20 | May 23, 2025 | Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports. | |||
| CVE-2023-48792 | 0.01 | — | 0.07 | Feb 2, 2024 | Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | |||
| CVE-2020-24786 | 0.01 | — | 0.13 | Aug 31, 2020 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer… | |||
| CVE-2018-19118 | 0.01 | — | 0.07 | Dec 13, 2018 | Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | |||
| CVE-2026-11374 | 0.00 | — | 0.01 | Jun 23, 2026 | In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover. | |||
| CVE-2025-41444 | 0.00 | — | 0.01 | Jun 9, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module. | |||
| CVE-2025-36528 | 0.00 | — | 0.01 | Jun 9, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. | |||
| CVE-2025-27709 | 0.00 | — | 0.01 | Jun 9, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. | |||
| CVE-2025-41407 | 0.00 | — | 0.01 | May 23, 2025 | Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report. | |||
| CVE-2025-41403 | 0.00 | — | 0.01 | May 22, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data. | |||
| CVE-2025-3836 | 0.00 | — | 0.05 | May 22, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report. | |||
| CVE-2025-3834 | 0.00 | — | 0.01 | May 14, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report. | |||
| CVE-2024-49574 | 0.00 | — | 0.02 | Nov 18, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. | |||
| CVE-2024-36485 | 0.00 | — | 0.01 | Nov 4, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. | |||
| CVE-2024-5608 | 0.00 | — | 0.01 | Oct 24, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. | |||
| CVE-2024-5586 | 0.00 | — | 0.05 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. | |||
| CVE-2024-5556 | 0.00 | — | 0.05 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. | |||
| CVE-2024-5490 | 0.00 | — | 0.04 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. | |||
| CVE-2024-36514 | 0.00 | — | 0.04 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. |
- CVE-2022-28219Apr 5, 2022risk 0.11cvss —epss 0.97
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
- CVE-2025-36527May 23, 2025risk 0.01cvss —epss 0.20
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.
- CVE-2023-48792Feb 2, 2024risk 0.01cvss —epss 0.07
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
- CVE-2020-24786Aug 31, 2020risk 0.01cvss —epss 0.13
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer…
- CVE-2018-19118Dec 13, 2018risk 0.01cvss —epss 0.07
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.
- CVE-2026-11374Jun 23, 2026risk 0.00cvss —epss 0.01
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.
- CVE-2025-41444Jun 9, 2025risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
- CVE-2025-36528Jun 9, 2025risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
- CVE-2025-27709Jun 9, 2025risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
- CVE-2025-41407May 23, 2025risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
- CVE-2025-41403May 22, 2025risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.
- CVE-2025-3836May 22, 2025risk 0.00cvss —epss 0.05
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.
- CVE-2025-3834May 14, 2025risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.
- CVE-2024-49574Nov 18, 2024risk 0.00cvss —epss 0.02
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
- CVE-2024-36485Nov 4, 2024risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
- CVE-2024-5608Oct 24, 2024risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
- CVE-2024-5586Aug 23, 2024risk 0.00cvss —epss 0.05
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.
- CVE-2024-5556Aug 23, 2024risk 0.00cvss —epss 0.05
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.
- CVE-2024-5490Aug 23, 2024risk 0.00cvss —epss 0.04
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
- CVE-2024-36514Aug 23, 2024risk 0.00cvss —epss 0.04
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
Page 1 of 3