PT-2024-8780 · Zoho · Zoho Manageengine Adaudit Plus

Nhien Pham +1 · Published 2024-06-14 · Updated 2024-08-15 · CVE-2024-36518

CVSS v2.0: 8.7 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:P
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADAudit Plus versions below 8110
Description: The issue is caused by a lack of protection of the SQL query structure in the Windows Active Directory management and reporting tool. This can allow a remote attacker to execute custom queries and gain access to database table records. The vulnerability is an authenticated SQL injection in the attack surface analyzer's dashboard.
Recommendations: For Zohocorp ManageEngine ADAudit Plus versions below 8110, update to version 8110 or later to resolve the issue. As a temporary workaround, consider restricting access to the attack surface analyzer's dashboard until a patch is available. Avoid using the vulnerable SQL query structure in the dashboard until the issue is resolved. At the moment, there is no other information about additional mitigation measures.

Fix

Weakness Enumeration

SQL injection

Related Identifiers

BDU:2024-10399
CVE-2024-36518

Affected Products

Zoho Manageengine Adaudit Plus