CVE-2023-49331

EUVD-2023-53315
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
ManageEngineCNA
8.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_adaudit_plus
𝑥
< 7.2
zohocorpmanageengine_adaudit_plus
7.2:7200
zohocorpmanageengine_adaudit_plus
7.2:7201
zohocorpmanageengine_adaudit_plus
7.2:7202
zohocorpmanageengine_adaudit_plus
7.2:7203
zohocorpmanageengine_adaudit_plus
7.2:7210
zohocorpmanageengine_adaudit_plus
7.2:7211
zohocorpmanageengine_adaudit_plus
7.2:7212
zohocorpmanageengine_adaudit_plus
7.2:7213
zohocorpmanageengine_adaudit_plus
7.2:7215
zohocorpmanageengine_adaudit_plus
7.2:7220
zohocorpmanageengine_adaudit_plus
7.2:7250
zohocorpmanageengine_adaudit_plus
7.2:7251
zohocorpmanageengine_adaudit_plus
7.2:7260
zohocorpmanageengine_adaudit_plus
7.2:7270
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html