Vulnerabilities related to ManageEngine - ADManager Plus
CVE-2024-24409 (GCVE-0-2024-24409)
Vulnerability from cvelistv5
Published
2024-11-08 08:01
Modified
2024-11-08 14:20
CWE
- CWE-269 - Improper Privilege Management
Summary
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
References
Impacted products
Vendor | Product | Version
---|---|---
ManageEngine | ADManager Plus | Version: 0, affected through 7203 (`lessThanOrEqual` in the record below)
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "manageengine_admanager_plus", "vendor": "zohocorp", "versions": [ { "lessThanOrEqual": "7203", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-24409", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T14:19:23.042539Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T14:20:25.641Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://www.manageengine.com/products/ad-manager/", "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "ADManager Plus", "vendor": "ManageEngine", "versions": [ { "lessThanOrEqual": "7203", "status": "affected", "version": "0", "versionType": "7203" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "metin kandemir" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to\u0026nbsp;Privilege Escalation in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eModify Computers option.\u003c/span\u003e\u003cbr\u003e" } ], "value": "Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to\u00a0Privilege Escalation in the\u00a0Modify Computers option." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-08T08:01:12.844Z", "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine" }, "references": [ { "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-24409.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Privilege Escalation", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "assignerShortName": "ManageEngine", "cveId": "CVE-2024-24409", "datePublished": "2024-11-08T08:01:12.844Z", "dateReserved": "2024-01-25T09:12:44.368Z", "dateUpdated": "2024-11-08T14:20:25.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-48878 (GCVE-0-2024-48878)
Vulnerability from cvelistv5
Published
2024-11-04 10:56
Modified
2024-11-04 15:22
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
References
Impacted products
Vendor | Product | Version
---|---|---
ManageEngine | ADManager Plus | Version: 0, affected through 7241 (`lessThanOrEqual` in the record below)
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "manageengine_admanager_plus", "vendor": "zohocorp", "versions": [ { "lessThanOrEqual": "7241", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-48878", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-04T15:20:43.036499Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-04T15:22:39.321Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://www.manageengine.com/products/ad-manager/", "defaultStatus": "unaffected", "product": "ADManager Plus", "vendor": "ManageEngine", "versions": [ { "lessThanOrEqual": "7241", "status": "affected", "version": "0", "versionType": "7241" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eArchived Audit Report.\u003c/span\u003e\u003cbr\u003e" } ], "value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in\u00a0Archived Audit Report." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T10:56:26.641Z", "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine" }, "references": [ { "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html" } ], "source": { "discovery": "INTERNAL" }, "title": "SQL Injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "assignerShortName": "ManageEngine", "cveId": "CVE-2024-48878", "datePublished": "2024-11-04T10:56:26.641Z", "dateReserved": "2024-10-09T10:57:57.152Z", "dateUpdated": "2024-11-04T15:22:39.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }