CVE-2024-21791 - OpenCVE

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ManageEngine

Published: 2024-05-22T18:05:23.307Z

Updated: 2024-06-07T08:27:54.457Z

Reserved: 2024-01-11T12:44:32.608Z

Link: CVE-2024-21791

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-22T18:15:09.740

Modified: 2024-06-07T09:15:10.820

Link: CVE-2024-21791

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21791", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "state": "PUBLISHED", "assignerShortName": "ManageEngine", "dateReserved": "2024-01-11T12:44:32.608Z", "datePublished": "2024-05-22T18:05:23.307Z", "dateUpdated": "2024-06-07T08:27:54.457Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "ADAudit Plus", "vendor": "ManageEngine", "versions": [{"lessThan": "7271", "status": "affected", "version": "0", "versionType": "7271"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b></b>Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. <br><b>Note</b>: Non-admin users cannot exploit this vulnerability."}], "value": "Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. \nNote: Non-admin users cannot exploit this vulnerability."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine", "dateUpdated": "2024-06-07T08:27:54.457Z"}, "references": [{"url": "https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html"}], "source": {"discovery": "UNKNOWN"}, "title": "SQL Injection in ADAudit Plus", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21791", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-22T18:36:46.444325Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:37:34.762Z"}}]}}