cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41140,https://securityvulnerability.io/vulnerability/CVE-2024-41140,Authorization Flaw in Zohocorp ManageEngine Applications Manager,"Zohocorp's ManageEngine Applications Manager versions 174000 and earlier exhibit a vulnerability due to improper authorization in the update user function. This flaw could potentially allow unauthorized users to perform actions that should be restricted, which could lead to unauthorized access or modification of user accounts. It is crucial for organizations using affected versions to apply security updates to mitigate potential risks associated with this vulnerability.",Manageengine,Applications Manager,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-29T11:14:50.910Z,0
CVE-2024-52323,https://securityvulnerability.io/vulnerability/CVE-2024-52323,Zohocorp ManageEngine Analytics Plus Vulnerable to Authenticated Sensitive Data Exposure,ManageEngine Analytics Plus versions prior to 6100 exhibit a vulnerability due to authenticated sensitive data exposure. This flaw allows authenticated users to access critical sensitive tokens that are associated with the organization’s administrative accounts. Such an exposure can lead to unauthorized access and potentially compromise the integrity and confidentiality of organizational data. Organizations utilizing affected versions are advised to apply necessary updates and review their security practices to mitigate the risk associated with this vulnerability.,Manageengine,Analytics Plus,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-27T09:54:07.999Z,0
CVE-2024-49574,https://securityvulnerability.io/vulnerability/CVE-2024-49574,Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability,"A SQL Injection vulnerability exists in the reports module of Zohocorp's ManageEngine ADAudit Plus, affecting all versions prior to 8123. This vulnerability allows an attacker to execute arbitrary SQL code, potentially leading to unauthorized access to sensitive data, loss of data integrity, or exposure of confidential information. Organizations using affected versions are encouraged to implement appropriate security measures and apply patches to mitigate the risk associated with this vulnerability.",Manageengine,Adaudit Plus,8.3,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-11-18T07:55:13.332Z,0
CVE-2024-10839,https://securityvulnerability.io/vulnerability/CVE-2024-10839,ManageEngine SharePoint Manager Plus vulnerable to XML External Entity (XXE) attack,"ManageEngine SharePoint Manager Plus, developed by Zohocorp, is susceptible to an authenticated XML External Entity (XXE) vulnerability. This issue arises in versions 4503 and earlier, specifically within the Management option of the application. An attacker exploiting this vulnerability can potentially access sensitive data from the server or cause denial of service conditions. It is essential for administrators using affected versions to review security measures and apply necessary updates to mitigate these risks.",Manageengine,Sharepoint Manager Plus,8.1,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-11-08T10:58:19.228Z,0
CVE-2024-24409,https://securityvulnerability.io/vulnerability/CVE-2024-24409,Privilege Escalation Vulnerability in ADManager Plus,"ManageEngine ADManager Plus, a product by ZohoCorp, is susceptible to a privilege escalation vulnerability that affects versions 7203 and earlier. This vulnerability is found within the 'Modify Computers' option, potentially allowing unauthorized users to escalate their privileges beyond intended access levels. Organizations utilizing this product should take precautionary measures to assess their current version and apply necessary updates to mitigate security risks.",Manageengine,Admanager Plus,8.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2024-11-08T08:01:12.844Z,0
CVE-2024-10203,https://securityvulnerability.io/vulnerability/CVE-2024-10203,Arbitrary File Deletion Vulnerability in EndPoint Central Agents,"ManageEngine EndPoint Central versions 11.3.2416.21 and earlier, along with version 11.3.2428.9 and below, are susceptible to an arbitrary file deletion flaw within the agent installed on user machines. This vulnerability could allow an attacker to manipulate file access controls, potentially leading to unauthorized deletion of crucial files. Organizations utilizing affected versions are advised to evaluate their security posture and apply necessary patches or mitigations to safeguard against potential exploitation.",Manageengine,Endpoint Central,7,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-07T09:20:07.450Z,0
CVE-2024-9459,https://securityvulnerability.io/vulnerability/CVE-2024-9459,Zohocorp ManageEngine Exchange Reporter Plus vulnerable to SQL Injection,"Zohocorp's ManageEngine Exchange Reporter Plus versions up to and including 5718 have a vulnerability in its reports module that allows authenticated attackers to execute SQL injection attacks. This flaw can potentially lead to unauthorized access to sensitive data stored in the database, manipulating query execution and compromising the application's integrity. It is crucial for users of affected versions to apply available security patches to mitigate the risks associated with this vulnerability.",Manageengine,Exchange Reporter Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-11-05T05:44:57.368Z,0
CVE-2024-36485,https://securityvulnerability.io/vulnerability/CVE-2024-36485,SQL Injection Vulnerability in Technician Reports Option,"A SQL Injection vulnerability exists in the Technician reports feature of ManageEngine ADAudit Plus versions prior to 8121. This flaw allows unauthorized users to execute arbitrary SQL commands, which could lead to unauthorized access to sensitive data, modification of the database, or even full system compromise. Organizations utilizing affected versions are strongly advised to apply any available patches or updates to mitigate potential risks.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-11-04T11:13:02.838Z,0
CVE-2024-5608,https://securityvulnerability.io/vulnerability/CVE-2024-5608,Zohocorp ADAudit Plus Vulnerable to SQL Injection in Technician Reports,"ManageEngine ADAudit Plus, developed by Zohocorp, is susceptible to a SQL Injection vulnerability located within its technician reports feature. This flaw permits attackers to manipulate SQL queries by injecting malicious code, potentially leading to unauthorized access to sensitive data, data corruption, and overall system disruption. Users with versions below 8121 should prioritize upgrades to mitigate risks associated with this vulnerability and ensure the integrity of their auditing processes.",Manageengine,Adaudit Plus,8.1,HIGH,0.003809999907389283,false,,false,false,false,,,false,false,,2024-10-24T11:42:44.789Z,0
CVE-2024-38868,https://securityvulnerability.io/vulnerability/CVE-2024-38868,Incorrect Authorization Vulnerability Affects Zohocorp's Endpoint Central,"An incorrect authorization vulnerability exists in Zohocorp's ManageEngine Endpoint Central, which compromises the isolation capabilities of devices. This flaw allows unauthorized users to potentially interact with isolated endpoints, posing significant security risks. Affected versions are those prior to 11.3.2406.08 and 11.3.2400.15, emphasizing the importance of timely updates to safeguard against exploitation.",Manageengine,Endpoint Central,8.3,HIGH,0.02012000046670437,false,,false,false,false,,,false,false,,2024-08-30T17:44:38.932Z,0
CVE-2024-5546,https://securityvulnerability.io/vulnerability/CVE-2024-5546,Zohocorp Password Manager Pro vulnerable to SQL Injection via Global Search Option,"An authenticated SQL injection vulnerability has been identified in ManageEngine Password Manager Pro and PAM360, affecting versions prior to 12431 and 7001, respectively. This vulnerability allows attackers to exploit the global search functionality, potentially accessing and manipulating sensitive data hosted in the affected systems. Timely updates and patches are critical to mitigate the risks associated with this vulnerability.",Manageengine,"Password Manager Pro,Pam360",8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-28T08:44:09.433Z,0
CVE-2024-5586,https://securityvulnerability.io/vulnerability/CVE-2024-5586,Zohocorp ADAudit Plus Vulnerable to Authenticated SQL Injection,"An authenticated SQL injection vulnerability has been identified in the extranet lockouts report option of ManageEngine ADAudit Plus, developed by Zoho Corp. This issue affects all versions below 8121. Attackers with authenticated access can exploit this vulnerability to compromise the database, potentially allowing for unauthorized data access and manipulation. Proper patching and version upgrades are critical to mitigating this risk.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-23T13:54:53.458Z,0
CVE-2024-5556,https://securityvulnerability.io/vulnerability/CVE-2024-5556,Zohocorp ADAudit Plus Vulnerable to Authenticated SQL Injection,"ManageEngine ADAudit Plus, developed by Zohocorp, is susceptible to an authenticated SQL injection vulnerability affecting versions below 8000. This vulnerability exists within the reports module, where improper handling of user-supplied inputs can allow an attacker to execute arbitrary SQL commands. Exploiting this vulnerability could facilitate unauthorized access to sensitive database information, potentially compromising user data integrity and confidentiality. Organizations utilizing affected versions are strongly advised to upgrade to the latest version to mitigate the risks associated with this vulnerability.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-23T13:52:28.522Z,0
CVE-2024-5490,https://securityvulnerability.io/vulnerability/CVE-2024-5490,Authenticated SQL Injection in Zohocorp ManageEngine ADAudit Plus,"Zohocorp's ManageEngine ADAudit Plus, specifically versions prior to 8000, presents a significant security vulnerability due to an authenticated SQL injection flaw in its aggregate reports feature. This vulnerability could permit attackers with authenticated access to execute arbitrary SQL commands, potentially compromising sensitive data within the system. Organizations utilizing these versions should prioritize applying the necessary patches and updates to mitigate the risk of unauthorized data access and maintain the integrity of their data security.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-23T13:44:08.468Z,0
CVE-2024-36514,https://securityvulnerability.io/vulnerability/CVE-2024-36514,Authenticated SQL Injection Vulnerability in ManageEngine ADAudit Plus Below Version 8000,"The vulnerability affects Zohocorp's ManageEngine ADAudit Plus versions earlier than 8000, enabling an authenticated SQL injection through the file summary option. This flaw permits attackers to manipulate SQL queries, potentially leading to unauthorized access and exposure of sensitive data. Ensuring that systems are updated to the latest version is recommended to mitigate this risk and enhance overall security.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-23T13:37:56.318Z,0
CVE-2024-36515,https://securityvulnerability.io/vulnerability/CVE-2024-36515,ManageEngine ADAudit Plus Vulnerable to Authenticated SQL Injection,"The vulnerability affects Zohocorp's ManageEngine ADAudit Plus prior to version 8000, where an authenticated SQL injection flaw exists in the dashboard component. This weakness allows authenticated attackers to manipulate SQL queries, potentially leading to unauthorized access or manipulation of data within the application. It is crucial for users to assess their systems and apply necessary patches or updates to mitigate associated risks.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-23T13:37:02.810Z,0
CVE-2024-36516,https://securityvulnerability.io/vulnerability/CVE-2024-36516,Zohocorp ADAudit Plus Versions Below 8000 Vulnerable to Authenticated SQL Injection,"The vulnerability allows an authenticated user to perform a SQL injection attack against the dashboard of the affected versions of ManageEngine ADAudit Plus. This flaw enables attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive information or database compromise. Users of ADAudit Plus versions prior to 8000 are advised to apply patches or updates to mitigate these risks promptly.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-23T13:36:05.237Z,0
CVE-2024-36517,https://securityvulnerability.io/vulnerability/CVE-2024-36517,Zohocorp ManageEngine ADAudit Plus vulnerable to SQL injection,"An authenticated SQL injection vulnerability exists in the alerts module of ManageEngine ADAudit Plus, affecting versions below 8000. This security flaw can allow unauthorized users to manipulate SQL queries, potentially leading to data exposure or manipulation. Organizations using affected versions should take immediate steps to update their software to safeguard against potential attacks and ensure the integrity of their data.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-23T13:34:01.453Z,0
CVE-2024-5467,https://securityvulnerability.io/vulnerability/CVE-2024-5467,Zohocorp ManageEngine ADAudit Plus Versions Below 8121 Vulnerable to Authenticated SQL Injection,"ManageEngine ADAudit Plus versions prior to 8121 expose users to an authenticated SQL injection vulnerability within the account lockout report functionality. This security flaw allows an attacker with valid credentials to execute arbitrary SQL queries through the application, potentially leading to unauthorized access to sensitive information, modification of data, or even complete compromise of affected systems. Organizations using non-updated versions of ADAudit Plus may face significant security risks, making it vital to apply the necessary updates and maintain the integrity of their security posture.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-23T13:28:28.419Z,0
CVE-2024-5466,https://securityvulnerability.io/vulnerability/CVE-2024-5466,ManageEngine OpManager Vulnerable to Remote Code Execution,"ZohoCorp's ManageEngine OpManager and Remote Monitoring and Management are affected by an authenticated remote code execution vulnerability. This flaw, present in versions 128329 and below, allows attackers to exploit the deploy agent option, potentially leading to unauthorized execution of malicious code within the system. Users of these products should prioritize reviewing their configurations and applying necessary updates to mitigate associated risks.",Manageengine,"Opmanager, Remote Monitoring And Management",8.8,HIGH,0.0027199999894946814,false,,false,false,false,,,false,false,,2024-08-23T13:23:22.144Z,0
CVE-2024-36034,https://securityvulnerability.io/vulnerability/CVE-2024-36034,Zohocorp ADAudit Plus Vulnerability: Authenticated SQL Injection in Aggregate Reports' Search Option,"ManageEngine ADAudit Plus, a product from Zohocorp, has a vulnerability that allows for authenticated SQL Injection. This security flaw exists in the search option of aggregate reports within versions prior to 8003. This weakness could potentially be exploited by authenticated users to execute arbitrary SQL commands, leading to unauthorized data exposure or manipulation. Users are urged to upgrade to version 8003 or later to mitigate these risks and secure their systems against possible exploitation.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-12T07:23:17.212Z,0
CVE-2024-36035,https://securityvulnerability.io/vulnerability/CVE-2024-36035,Zohocorp ManageEngine ADAudit Plus vulnerable to authenticated SQL Injection,ManageEngine ADAudit Plus versions earlier than 8003 contain a vulnerability that allows authenticated users to exploit SQL injection flaws during user session recording. This can lead to unauthorized access to sensitive information and compromise data integrity within the application. It is essential for organizations utilizing ManageEngine ADAudit Plus to update to the latest version to mitigate potential security risks.,Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-12T07:19:54.491Z,0
CVE-2024-36518,https://securityvulnerability.io/vulnerability/CVE-2024-36518,Vulnerability in ManageEngine ADAudit Plus,"The vulnerability in ZohoCorp's ManageEngine ADAudit Plus stems from an authenticated SQL injection issue present in the attack surface analyzer's dashboard. This flaw allows attackers with valid credentials to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information stored in the system's database. Organizations using versions of ADAudit Plus earlier than 8110 should implement proper security measures and consider upgrading to the latest version to mitigate potential risks.",Manageengine,Adaudit Plus,8.3,HIGH,0.014120000414550304,false,,false,false,false,,,false,false,,2024-08-12T07:13:49.843Z,0
CVE-2024-5487,https://securityvulnerability.io/vulnerability/CVE-2024-5487,Zohocorp ManageEngine ADAudit Plus vulnerable to SQL Injection,"ManageEngine ADAudit Plus by Zohocorp contains a significant vulnerability identified as an authenticated SQL Injection, specifically affecting versions below 8110. This vulnerability arises in the attack surface analyzer's export option, allowing an attacker with valid credentials to manipulate SQL queries, potentially leading to unauthorized data access or data compromise. Organizations using these affected versions should implement remediation measures to safeguard against exploitation and ensure the integrity and confidentiality of their data.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-12T07:04:12.610Z,0
CVE-2024-5527,https://securityvulnerability.io/vulnerability/CVE-2024-5527,Zohocorp ManageEngine ADAudit Plus Vulnerable to Authenticated SQL Injection in File Auditing Configuration,"ZohoCorp's ManageEngine ADAudit Plus versions prior to 8110 exhibit a significant security flaw characterized by authenticated SQL Injection. This vulnerability arises during the configuration of file auditing, exposing systems to potential exploitation by authorized users. By manipulating SQL queries, attackers can gain unauthorized access to sensitive information stored in the database, leading to possible data breaches and integrity issues. Organizations utilizing affected versions should prioritize updates to mitigate these risks.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2024-08-12T05:31:09.050Z,0