PT-2022-17024 · Zoho · Zoho ManageEngine ADAudit Plus
Published: 2022-04-05 · Updated: 2023-08-08 · CVE-2022-24978
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADAudit Plus versions prior to 7055
Description
The issue allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
Recommendations
For versions prior to 7055, update to version 7055 or later to resolve the issue. As a temporary workaround, consider restricting access to Integrated products to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Cleartext Transmission of Sensitive Information
Related Identifiers
Affected Products
Zoho ManageEngine ADAudit Plus