PT-2023-9281 · Zoho · Zoho Manageengine Adaudit Plus

Andreas · Published 2023-12-29 · Updated 2024-11-27 · CVE-2024-36037

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine ADAudit Plus versions 7260 and below

Description

The issue is related to insufficient access control in Zoho ManageEngine ADAudit Plus, a Windows Active Directory management and reporting tool. This allows unauthorized local agent machine users to view session recordings of other users.

Recommendations

For Zoho ManageEngine ADAudit Plus versions 7260 and below, consider restricting access to session recordings until a patch is available. As a temporary workaround, limit the privileges of local agent machine users to prevent them from viewing sensitive data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Improper Access Control

Weakness Enumeration

Related identifiers

BDU:2024-05915
CVE-2024-36037

Affected products

Zoho Manageengine Adaudit Plus