ManageEngine (ADAudit Plus, ADAudit Plus, and others) Family August 2024 Security Update Advisory

Overview

 

Zoho(https://www.zohocorp.com/) has released a security update that addresses a vulnerability in its ManageEngine suite of products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

All ADAudit Plus builds of ADAudit Plus 8110 or below

All ADAudit Plus build versions of ADAudit Plus 8110 or below

All ADAudit Plus builds of ADAudit Plus 8110 or below

 

Resolved Vulnerabilities

 

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2024-5527) [1]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2024-5487) [2]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2024-36518) [3]

 

Vulnerability Patches

 

Please follow the security advisory published on August 12, 2018 to update to the appropriate version and the latest version.

ADAudit Plus build 8110 version

ADAudit Plus Build 8110 version

ADAudit Plus Build 8110 version

 

Referenced Sites

 

[1] CVE-2024-5527 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2024-5527.html

[2] CVE-2024-5487 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2024-5487.html

[3] CVE-2024-36518 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2024-36518.html