Zoho Corporation ManageEngine ADAudit Plus 7.2 7202
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*
part: a version: 7.2 update: 7202
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Adaudit Plus (3794d677-c3f5-5c1b-ba18-a97145cbdafa) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-36037 |
vulnerable | 2026-06-03 14:56:03.437692 |
Insufficient Access Control Vulnerability
MEDIUM (5.5)
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.
Published: 2024-05-27T17:59:52.711Z
Updated: 2024-10-25T18:58:51.787Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36036 |
vulnerable | 2026-06-03 14:56:03.430443 |
Insufficient Access Control Vulnerability
MEDIUM (4.2)
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.
Published: 2024-05-27T17:58:16.113Z
Updated: 2024-10-31T15:21:20.581Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21791 |
vulnerable | 2026-06-03 14:54:50.772109 |
SQL Injection in ADAudit Plus
MEDIUM (4.7)
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option.
Note: Non-admin users cannot exploit this vulnerability.
Published: 2024-05-22T18:05:23.307Z
Updated: 2024-08-01T22:27:36.320Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0269 |
vulnerable | 2026-06-03 14:54:02.054084 |
SQL Injection
HIGH (8.3)
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.
Published: 2024-02-02T13:05:35.762Z
Updated: 2024-08-01T17:41:16.415Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0253 |
vulnerable | 2026-06-03 14:54:02.006370 |
SQL Injection
HIGH (8.3)
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
Published: 2024-02-02T12:50:35.088Z
Updated: 2024-08-01T17:41:16.062Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-6105 |
vulnerable | 2026-06-03 14:53:50.379390 |
ManageEngine Information Disclosure in Multiple Products
MEDIUM (5.5)
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
Published: 2023-11-15T20:57:47.981Z
Updated: 2025-02-13T17:26:03.759Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50785 |
vulnerable | 2026-06-03 14:53:31.418545 |
Details available
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.
Published: 2024-01-25T00:00:00.000Z
Updated: 2024-10-28T00:16:23.874Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-49335 |
vulnerable | 2026-06-03 14:53:20.693103 |
Details available
HIGH (8.3)
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.
Published: 2024-05-20T17:55:49.809Z
Updated: 2024-08-02T21:53:44.995Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-49334 |
vulnerable | 2026-06-03 14:53:20.692355 |
Details available
HIGH (8.3)
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
Published: 2024-05-20T17:55:14.220Z
Updated: 2024-08-02T21:53:45.017Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-49333 |
vulnerable | 2026-06-03 14:53:20.691480 |
Details available
HIGH (8.3)
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.
Published: 2024-05-20T17:51:50.719Z
Updated: 2024-08-02T21:53:45.406Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-49332 |
vulnerable | 2026-06-03 14:53:20.690566 |
Details available
HIGH (8.3)
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.
Published: 2024-05-20T17:45:36.459Z
Updated: 2024-08-02T21:53:45.011Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-49331 |
vulnerable | 2026-06-03 14:53:20.689806 |
Details available
HIGH (8.3)
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
Published: 2024-05-20T17:35:49.217Z
Updated: 2024-08-02T21:53:44.930Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-49330 |
vulnerable | 2026-06-03 14:53:20.688995 |
Details available
HIGH (8.3)
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
Published: 2024-05-20T12:19:59.734Z
Updated: 2024-08-02T21:53:45.218Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48793 |
vulnerable | 2026-06-03 14:53:19.833916 |
Details available
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
Published: 2024-02-02T00:00:00.000Z
Updated: 2025-06-11T16:59:05.641Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48792 |
vulnerable | 2026-06-03 14:53:19.829725 |
Details available
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
Published: 2024-02-02T00:00:00.000Z
Updated: 2025-06-11T16:58:13.575Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-35785 |
vulnerable | 2026-06-03 14:52:18.711652 |
Details available
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
Published: 2023-08-28T00:00:00.000Z
Updated: 2024-08-02T16:30:45.335Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.