← Back

CVE-2024-36037

nvd nist
Published: May 27, 2024Modified: Nov 27, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.

Affected (14)

Zohocorp
1 product
Manageengine Adaudit Plus
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Adaudit Plus
Before 7.2
Manageengine Adaudit Plus
Version 7.2 7200
Manageengine Adaudit Plus
Version 7.2 7201
Manageengine Adaudit Plus
Version 7.2 7202
Manageengine Adaudit Plus
Version 7.2 7203
Manageengine Adaudit Plus
Version 7.2 7210
Manageengine Adaudit Plus
Version 7.2 7211
Manageengine Adaudit Plus
Version 7.2 7212
Manageengine Adaudit Plus
Version 7.2 7213
Manageengine Adaudit Plus
Version 7.2 7215
Manageengine Adaudit Plus
Version 7.2 7220
Manageengine Adaudit Plus
Version 7.2 7250
Manageengine Adaudit Plus
Version 7.2 7251
Manageengine Adaudit Plus
Version 7.2 7260

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

Source: 0fc0942c-577d-436f-ae8e-945763c79b02
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.