PT-2023-9281 · Zoho · Zoho ManageEngine ADAudit Plus
Andreas · Published 2023-12-29 · Updated 2024-11-27 · CVE-2024-36037
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADAudit Plus versions 7260 and below
Description
The vulnerability stems from insufficient access control in Zoho ManageEngine ADAudit Plus, a Windows Active Directory management and reporting tool. It allows unauthorized users on a local agent machine to view session recordings of other users.
Recommendations
For Zoho ManageEngine ADAudit Plus versions 7260 and below, consider restricting access to session recordings until a patch is available.
As a temporary workaround, limit the privileges of local agent machine users to prevent them from viewing sensitive data.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Improper Access Control
Related Identifiers
Affected Products
Zoho ManageEngine ADAudit Plus