PT-2024-36592 · Zohocorp · Zoho Manageengine Adaudit Plus

Minhgalaxy · Published 2024-08-23 · Updated 2024-08-27 · CVE-2024-5586

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADAudit Plus versions below 8121

Description: The issue concerns an authenticated SQL injection vulnerability in the extranet lockouts report option. This vulnerability can be exploited by authenticated users, potentially leading to unauthorized access or data manipulation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations: For versions below 8121, upgrade to version 8121 to mitigate risks. As a temporary workaround, consider restricting access to the extranet lockouts report option until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-5586

Affected Products: Zoho Manageengine Adaudit Plus