PT-2018-14812 · Zoho · Zoho Manageengine Adaudit Plus

Published

2018-12-13

Updated

2020-08-24

CVE-2018-19118

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ADAudit versions prior to 5.1 build 5120

Description The issue allows remote attackers to cause a denial of service due to a stack-based buffer overflow. This occurs via the Domain Name field when adding a new domain.

Recommendations For versions prior to 5.1 build 5120, update to version 5.1 build 5120 or later to resolve the issue. As a temporary workaround, consider restricting access to the domain addition feature to minimize the risk of exploitation.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2018-19118

Affected Products

Zoho Manageengine Adaudit Plus

PT-2018-14812 · Zoho · Zoho Manageengine Adaudit Plus

CVE-2018-19118

Weakness Enumeration

Related Identifiers

Affected Products

References · 3