CVE-2024-21791

Summary

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
ManageEngineADAudit Plus0 < 7271affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References