VYPR

ManageEngine ADAudit Plus

by Zoho

CVEs (22)

  • CVE-2022-28219CriApr 5, 2022
    risk 0.74cvss 9.8epss 0.97

    Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

  • CVE-2021-42847CriNov 11, 2021
    risk 0.72cvss 9.8epss 0.70

    Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.

  • CVE-2020-24786CriAug 31, 2020
    risk 0.65cvss 9.8epss 0.13

    An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer…

  • CVE-2023-48793CriFeb 2, 2024
    risk 0.64cvss 9.8epss 0.07

    Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.

  • CVE-2023-48792CriFeb 2, 2024
    risk 0.64cvss 9.8epss 0.07

    Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.

  • CVE-2020-21642CriAug 15, 2022
    risk 0.64cvss 9.8epss 0.08

    Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

  • CVE-2022-29457HigApr 18, 2022
    risk 0.61cvss 8.8epss 0.08

    Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.

  • CVE-2022-24978HigApr 5, 2022
    risk 0.57cvss 8.8epss 0.01

    Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.

  • CVE-2023-49335HigMay 20, 2024
    risk 0.54cvss 8.3epss 0.03

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.

  • CVE-2023-49334HigMay 20, 2024
    risk 0.54cvss 8.3epss 0.03

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.

  • CVE-2023-49333HigMay 20, 2024
    risk 0.54cvss 8.3epss 0.03

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.

  • CVE-2023-49332HigMay 20, 2024
    risk 0.54cvss 8.3epss 0.03

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.

  • CVE-2023-49331HigMay 20, 2024
    risk 0.54cvss 8.3epss 0.03

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.

  • CVE-2023-49330HigMay 20, 2024
    risk 0.54cvss 8.3epss 0.02

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.

  • CVE-2023-32783HigAug 7, 2023
    risk 0.49cvss 7.5epss 0.03

    The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour."

  • CVE-2020-21641HigAug 15, 2022
    risk 0.49cvss 7.5epss 0.04

    Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file.

  • CVE-2018-19118HigDec 13, 2018
    risk 0.49cvss 7.5epss 0.07

    Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.

  • CVE-2024-36037MedMay 27, 2024
    risk 0.36cvss 5.5epss 0.00

    Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.

  • CVE-2023-37308MedJul 7, 2023
    risk 0.35cvss 5.4epss 0.02

    Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.

  • CVE-2024-21791MedMay 22, 2024
    risk 0.31cvss 4.7epss 0.02

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.

Page 1 of 2