CVE-2024-48878 - Vulnerability Details

Vendors	Products
Zohocorp	Manageengine Admanager Plus

Link	Providers
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7210:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7211:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7212:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7220:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7221:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7222:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7223:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7224:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7230:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7231:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7232:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7240:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7241::::::

Type	Values Removed	Values Added
First Time appeared		Zohocorp Zohocorp manageengine Admanager Plus
CPEs		cpe:2.3:a:zohocorp:manageengine_admanager_plus::::::::
Vendors & Products		Zohocorp Zohocorp manageengine Admanager Plus
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
Title		SQL Injection
Weaknesses		CWE-89
References		https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html
Metrics		cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-48878", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "state": "PUBLISHED", "assignerShortName": "ManageEngine", "dateReserved": "2024-10-09T10:57:57.152Z", "datePublished": "2024-11-04T10:56:26.641Z", "dateUpdated": "2024-11-04T15:22:39.321Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.manageengine.com/products/ad-manager/", "defaultStatus": "unaffected", "product": "ADManager Plus", "vendor": "ManageEngine", "versions": [{"lessThanOrEqual": "7241", "status": "affected", "version": "0", "versionType": "7241"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Archived Audit Report.</span><br>"}], "value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in\u00a0Archived Audit Report."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine", "dateUpdated": "2024-11-04T10:56:26.641Z"}, "references": [{"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html"}], "source": {"discovery": "INTERNAL"}, "title": "SQL Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "zohocorp", "product": "manageengine_admanager_plus", "cpes": ["cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7241", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-04T15:20:43.036499Z", "id": "CVE-2024-48878", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T15:22:39.321Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-48878 (string)

assignerOrgId : 0fc0942c-577d-436f-ae8e-945763c79b02 (string)

state : PUBLISHED (string)

assignerShortName : ManageEngine (string)

dateReserved : 2024-10-09T10:57:57.152Z (string)

datePublished : 2024-11-04T10:56:26.641Z (string)

dateUpdated : 2024-11-04T15:22:39.321Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

collectionURL : https://www.manageengine.com/products/ad-manager/ (string)

defaultStatus : unaffected (string)

product : ADManager Plus (string)

vendor : ManageEngine (string)

versions : [ »

0 : { »

lessThanOrEqual : 7241 (string)

status : affected (string)

version : 0 (string)

versionType : 7241 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. (string)

}

]

value : Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 8.3 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-89 (string)

description : CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 0fc0942c-577d-436f-ae8e-945763c79b02 (string)

shortName : ManageEngine (string)

dateUpdated : 2024-11-04T10:56:26.641Z (string)

}

references : [ »

0 : { »

url : https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html (string)

}

]

source : { »

discovery : INTERNAL (string)

}

title : SQL Injection (string)

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

adp : [ »

0 : { »

affected : [ »

0 : { »

vendor : zohocorp (string)

product : manageengine_admanager_plus (string)

cpes : [ »

0 : cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : 7241 (string)

versionType : custom (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-11-04T15:20:43.036499Z (string)

id : CVE-2024-48878 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-11-04T15:22:39.321Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-48878", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-04T15:20:43.036499Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*"], "vendor": "zohocorp", "product": "manageengine_admanager_plus", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7241"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T15:22:30.504Z"}}], "cna": {"title": "SQL Injection", "source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ManageEngine", "product": "ADManager Plus", "versions": [{"status": "affected", "version": "0", "versionType": "7241", "lessThanOrEqual": "7241"}], "collectionURL": "https://www.manageengine.com/products/ad-manager/", "defaultStatus": "unaffected"}], "references": [{"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in\u00a0Archived Audit Report.", "supportingMedia": [{"type": "text/html", "value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Archived Audit Report.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine", "dateUpdated": "2024-11-04T10:56:26.641Z"}}}, "cveMetadata": {"cveId": "CVE-2024-48878", "state": "PUBLISHED", "dateUpdated": "2024-11-04T15:22:39.321Z", "dateReserved": "2024-10-09T10:57:57.152Z", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "datePublished": "2024-11-04T10:56:26.641Z", "assignerShortName": "ManageEngine"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-48878 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-11-04T15:20:43.036499Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:* (string)

]

vendor : zohocorp (string)

product : manageengine_admanager_plus (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : 7241 (string)

}

]

defaultStatus : unaffected (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-11-04T15:22:30.504Z (string)

}

]

cna : { »

title : SQL Injection (string)

source : { »

discovery : INTERNAL (string)

}

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 8.3 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : LOW (string)

privilegesRequired : LOW (string)

confidentialityImpact : HIGH (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : ManageEngine (string)

product : ADManager Plus (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : 7241 (string)

lessThanOrEqual : 7241 (string)

}

]

collectionURL : https://www.manageengine.com/products/ad-manager/ (string)

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html (string)

}

]

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-89 (string)

description : CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (string)

}

]

}

]

providerMetadata : { »

orgId : 0fc0942c-577d-436f-ae8e-945763c79b02 (string)

shortName : ManageEngine (string)

dateUpdated : 2024-11-04T10:56:26.641Z (string)

}

cveMetadata : { »

cveId : CVE-2024-48878 (string)

state : PUBLISHED (string)

dateUpdated : 2024-11-04T15:22:39.321Z (string)

dateReserved : 2024-10-09T10:57:57.152Z (string)

assignerOrgId : 0fc0942c-577d-436f-ae8e-945763c79b02 (string)

datePublished : 2024-11-04T10:56:26.641Z (string)

assignerShortName : ManageEngine (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A", "versionEndExcluding": "7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*", "matchCriteriaId": "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*", "matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*", "matchCriteriaId": "D47DA377-0AF4-453E-9605-A5F87FA14E61", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:*", "matchCriteriaId": "BC919233-CE66-416C-8649-B94A23F131F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7210:*:*:*:*:*:*", "matchCriteriaId": "AD2880B4-88AD-49E4-B423-5C0CCCF5DF4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7211:*:*:*:*:*:*", "matchCriteriaId": "C8BCAFB6-F46D-4E09-8827-13ED1A7D5740", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7212:*:*:*:*:*:*", "matchCriteriaId": "0D0166A3-B34B-44FC-9DB8-E06BDDAC7CC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7220:*:*:*:*:*:*", "matchCriteriaId": "CE25B1E5-D380-490C-98A6-121FA10A3311", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7221:*:*:*:*:*:*", "matchCriteriaId": "50283EE9-A9EC-4BD2-958E-F2A278B84C0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7222:*:*:*:*:*:*", "matchCriteriaId": "645C5636-1E03-47D2-834B-3DE95B347E1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7223:*:*:*:*:*:*", "matchCriteriaId": "4340408B-3928-430F-BDBA-10E43F25C595", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7224:*:*:*:*:*:*", "matchCriteriaId": "C792F787-B6F6-4908-923C-25679BA67988", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7230:*:*:*:*:*:*", "matchCriteriaId": "826183CE-C9B9-4C34-8885-3773F42AAAB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7231:*:*:*:*:*:*", "matchCriteriaId": "F7A9A00F-1792-4DAA-B393-AFAB279F850C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7232:*:*:*:*:*:*", "matchCriteriaId": "250DC9F9-082E-4C3A-B0C4-681C8AFCCD50", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7240:*:*:*:*:*:*", "matchCriteriaId": "308413DB-AB0D-47B1-863E-B6C4B6D88D2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7241:*:*:*:*:*:*", "matchCriteriaId": "CB2D7A55-BC4E-451C-BA49-AAAA5180724B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in\u00a0Archived Audit Report."}, {"lang": "es", "value": " Las versiones 7241 y anteriores de Zohocorp ManageEngine ADManager Plus son vulnerables a la inyecci\u00f3n SQL en el informe de auditor\u00eda archivado."}], "id": "CVE-2024-48878", "lastModified": "2024-11-05T19:44:58.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary"}]}, "published": "2024-11-04T11:15:06.417", "references": [{"source": "0fc0942c-577d-436f-ae8e-945763c79b02", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html"}], "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A (string)

versionEndExcluding : 7.2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:* (string)

matchCriteriaId : 1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:* (string)

matchCriteriaId : 72C14C6D-5C72-4A39-A8FF-93CD89C831C9 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:* (string)

matchCriteriaId : D47DA377-0AF4-453E-9605-A5F87FA14E61 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:* (string)

matchCriteriaId : BC919233-CE66-416C-8649-B94A23F131F5 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7210:*:*:*:*:*:* (string)

matchCriteriaId : AD2880B4-88AD-49E4-B423-5C0CCCF5DF4B (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7211:*:*:*:*:*:* (string)

matchCriteriaId : C8BCAFB6-F46D-4E09-8827-13ED1A7D5740 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7212:*:*:*:*:*:* (string)

matchCriteriaId : 0D0166A3-B34B-44FC-9DB8-E06BDDAC7CC8 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7220:*:*:*:*:*:* (string)

matchCriteriaId : CE25B1E5-D380-490C-98A6-121FA10A3311 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7221:*:*:*:*:*:* (string)

matchCriteriaId : 50283EE9-A9EC-4BD2-958E-F2A278B84C0B (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7222:*:*:*:*:*:* (string)

matchCriteriaId : 645C5636-1E03-47D2-834B-3DE95B347E1F (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7223:*:*:*:*:*:* (string)

matchCriteriaId : 4340408B-3928-430F-BDBA-10E43F25C595 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7224:*:*:*:*:*:* (string)

matchCriteriaId : C792F787-B6F6-4908-923C-25679BA67988 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7230:*:*:*:*:*:* (string)

matchCriteriaId : 826183CE-C9B9-4C34-8885-3773F42AAAB9 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7231:*:*:*:*:*:* (string)

matchCriteriaId : F7A9A00F-1792-4DAA-B393-AFAB279F850C (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7232:*:*:*:*:*:* (string)

matchCriteriaId : 250DC9F9-082E-4C3A-B0C4-681C8AFCCD50 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7240:*:*:*:*:*:* (string)

matchCriteriaId : 308413DB-AB0D-47B1-863E-B6C4B6D88D2D (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7241:*:*:*:*:*:* (string)

matchCriteriaId : CB2D7A55-BC4E-451C-BA49-AAAA5180724B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. (string)

}

1 : { »

lang : es (string)

value : Las versiones 7241 y anteriores de Zohocorp ManageEngine ADManager Plus son vulnerables a la inyección SQL en el informe de auditoría archivado. (string)

}

]

id : CVE-2024-48878 (string)

lastModified : 2024-11-05T19:44:58.650 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 8.3 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.5 (number)

source : 0fc0942c-577d-436f-ae8e-945763c79b02 (string)

type : Secondary (string)

}

]

}

published : 2024-11-04T11:15:06.417 (string)

references : [ »

0 : { »

source : 0fc0942c-577d-436f-ae8e-945763c79b02 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html (string)

}

]

sourceIdentifier : 0fc0942c-577d-436f-ae8e-945763c79b02 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-89 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-89 (string)

}

]

source : 0fc0942c-577d-436f-ae8e-945763c79b02 (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object