PT-2024-5293 · Zoho · Zoho ManageEngine ADAudit Plus
Andreas · Published 2023-12-29 · Updated 2025-05-16
CVE-2024-36036
CVSS v3.1: 4.2 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADAudit Plus versions 7260 and below
Description
The issue is an information disclosure flaw in Zoho ManageEngine ADAudit Plus, a Windows Active Directory management and reporting tool. Exploitation may allow an attacker to gain unauthorized access to protected information or modify the configuration of the software. It is reported that unauthorized local users on an agent machine can access sensitive information and modify the agent configuration.
Recommendations
For Zoho ManageEngine ADAudit Plus versions 7260 and below, update to a version above 7260 to resolve the issue.
As a temporary workaround, consider restricting access to the agent configuration to minimize the risk of exploitation.
Fix
Improper Access Control
Missing Authorization
Information Disclosure
Affected Products
Zoho ManageEngine ADAudit Plus