Zoho Corporation ManageEngine ADAudit Plus 7.2 7260

CPE Details

Zoho Corporation ManageEngine ADAudit Plus 7.2 7260
zohocorp
manageengine_adaudit_plus
7.2
2024-01-31
18h19 +00:00
2024-01-31
18h19 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7260:*:*:*:*:*:*

Informations

Vendor

zohocorp

Product

manageengine_adaudit_plus

Version

7.2

Update

7260

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-41444 2025-06-09 11h14 +00:00 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
8.3
High
CVE-2025-36528 2025-06-09 11h12 +00:00 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
8.3
High
CVE-2025-27709 2025-06-09 11h04 +00:00 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
8.3
High
CVE-2025-41407 2025-05-23 10h29 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
8.3
High
CVE-2025-36527 2025-05-23 10h28 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.
8.3
High
CVE-2025-41403 2025-05-22 10h39 +00:00 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.
8.3
High
CVE-2025-3836 2025-05-22 10h38 +00:00 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.
8.3
High
CVE-2025-3834 2025-05-14 11h05 +00:00 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.
8.1
High
CVE-2024-49574 2024-11-18 07h55 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
8.8
High
CVE-2024-36485 2024-11-04 11h13 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
8.8
High
CVE-2024-5608 2024-10-24 11h42 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
8.3
High
CVE-2024-5586 2024-08-23 13h54 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.
8.8
High
CVE-2024-5556 2024-08-23 13h52 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.
8.8
High
CVE-2024-5490 2024-08-23 13h44 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
8.8
High
CVE-2024-36514 2024-08-23 13h37 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
8.8
High
CVE-2024-36515 2024-08-23 13h37 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.
8.8
High
CVE-2024-36516 2024-08-23 13h36 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.
8.8
High
CVE-2024-36517 2024-08-23 13h34 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.
8.8
High
CVE-2024-5467 2024-08-23 13h28 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.
8.8
High
CVE-2024-36034 2024-08-12 07h23 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.
8.8
High
CVE-2024-36035 2024-08-12 07h19 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
8.8
High
CVE-2024-36518 2024-08-12 07h13 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.
8.3
High
CVE-2024-5487 2024-08-12 07h04 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.
8.8
High
CVE-2024-5527 2024-08-12 05h31 +00:00 Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.
8.8
High
CVE-2024-36037 2024-05-27 17h59 +00:00 Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.
5.5
Medium
CVE-2024-36036 2024-05-27 17h58 +00:00 Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.
4.2
Medium
CVE-2024-21791 2024-05-22 18h05 +00:00 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.
7.2
High
CVE-2023-49335 2024-05-20 17h55 +00:00 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.
8.8
High
CVE-2023-49334 2024-05-20 17h55 +00:00 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
8.8
High
CVE-2023-49333 2024-05-20 17h51 +00:00 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.
8.8
High
CVE-2023-49332 2024-05-20 17h45 +00:00 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.
8.8
High
CVE-2023-49331 2024-05-20 17h35 +00:00 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
8.8
High
CVE-2023-49330 2024-05-20 12h19 +00:00 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
8.8
High
CVE-2024-0269 2024-02-02 13h05 +00:00 ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.
8.8
High
CVE-2024-0253 2024-02-02 12h50 +00:00 ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
8.8
High
CVE-2023-48793 2024-02-02 00h00 +00:00 Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
9.8
Critical
CVE-2023-50785 2024-01-24 23h00 +00:00 Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.
2.7
Low
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.