CVE-2024-0269

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 2, 2024

Updated: Jul 3, 2024

CWE ID 89

Summary

CVE-2024-0269 is a vulnerability affecting ManageEngine ADAudit Plus versions 7270 and below. The issue involves an Authenticated SQL injection in the File-Summary DrillDown feature, allowing unauthorized users with valid credentials to execute malicious SQL statements and potentially gain unauthorized access to sensitive data. This vulnerability has been addressed and resolved in version 7271.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ADAudit Plus

Affected Vendors

Zoho Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uDDjoq
https://www.cve.org/CVERecord?id=CVE-2024-0269
https://nvd.nist.gov/vuln/detail/CVE-2024-0269

Back to Vulnerability Database