CVE-2024-36034

Summary

CVE-2024-36034 is a newly disclosed vulnerability affecting Zohocorp's ManageEngine ADAudit Plus. Versions below 8.003 are at risk, as they contain an authenticated SQL injection flaw in the aggregate reports' search option. An attacker can exploit this vulnerability by manipulating input in the search field, allowing them to execute malicious SQL queries and potentially gain unauthorized access to sensitive data. This issue could lead to data theft or privilege escalation. It is recommended that affected organizations upgrade to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.