Versio.io

CVE-2022-24978

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 05-04-2022 09:15
Last modified: - 12-04-2022 07:15
Total changes: - 2

Description

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
8.8
Base score
2.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
vendor=zohocorp AND product=manageengine_adaudit_plus AND versionEndIncluding=6.0
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7000
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7002
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7003
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7004
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7005
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7006
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7007
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7008
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7050
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7051
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7052
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7053
vendor=zohocorp AND product=manageengine_adaudit_plus AND version=7.0 AND update=7054
 

Reference

 


Keywords

NVD

 

CVE-2022-24978

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.