What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2022-24978.

What is the severity level of CVE-2022-24978?

The severity level of CVE-2022-24978 is high.

How does CVE-2022-24978 allow authenticated Privilege Escalation on Integrated products?

CVE-2022-24978 allows authenticated Privilege Escalation on Integrated products because a password field is present in a JSON response.

Which version of Zoho ManageEngine ADAudit Plus is affected by CVE-2022-24978?

Zoho ManageEngine ADAudit Plus versions up to 6.0 and versions 7.0-7000 to 7.0-7054 are affected by CVE-2022-24978.

How can I fix CVE-2022-24978?

To fix CVE-2022-24978, it is recommended to upgrade to a patched version of Zoho ManageEngine ADAudit Plus.

Vulnerability/
CVE-2022-24978

high

8.8

CWE

319 522

5/4/2022

3/8/2024

CVE-2022-24978

First published: Tue Apr 05 2022(Updated: )

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Zoho ManageEngine ADAudit Plus	<=6.0
Zoho ManageEngine ADAudit Plus	=7.0-7000
Zoho ManageEngine ADAudit Plus	=7.0-7002
Zoho ManageEngine ADAudit Plus	=7.0-7003
Zoho ManageEngine ADAudit Plus	=7.0-7004
Zoho ManageEngine ADAudit Plus	=7.0-7005
Zoho ManageEngine ADAudit Plus	=7.0-7006
Zoho ManageEngine ADAudit Plus	=7.0-7007
Zoho ManageEngine ADAudit Plus	=7.0-7008
Zoho ManageEngine ADAudit Plus	=7.0-7050
Zoho ManageEngine ADAudit Plus	=7.0-7051
Zoho ManageEngine ADAudit Plus	=7.0-7052
Zoho ManageEngine ADAudit Plus	=7.0-7053
Zoho ManageEngine ADAudit Plus	=7.0-7054

Remedy

https://pitstop.manageengine.com/portal/en/community/topic/cve-2022-24978-privilege-escalation-vulnerability-manageengine-adaudit-plus

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2022-24978.
What is the severity level of CVE-2022-24978?
The severity level of CVE-2022-24978 is high.
How does CVE-2022-24978 allow authenticated Privilege Escalation on Integrated products?
CVE-2022-24978 allows authenticated Privilege Escalation on Integrated products because a password field is present in a JSON response.
Which version of Zoho ManageEngine ADAudit Plus is affected by CVE-2022-24978?
Zoho ManageEngine ADAudit Plus versions up to 6.0 and versions 7.0-7000 to 7.0-7054 are affected by CVE-2022-24978.
How can I fix CVE-2022-24978?
To fix CVE-2022-24978, it is recommended to upgrade to a patched version of Zoho ManageEngine ADAudit Plus.

agent/type
agent/weakness
agent/references
agent/author
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/severity
agent/description
agent/event
agent/first-publish-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
vendor/zohocorp
canonical/zoho manageengine adaudit plus
version/zoho manageengine adaudit plus/6.0
version/zoho manageengine adaudit plus/7.0-7000
version/zoho manageengine adaudit plus/7.0-7002
version/zoho manageengine adaudit plus/7.0-7003
version/zoho manageengine adaudit plus/7.0-7004
version/zoho manageengine adaudit plus/7.0-7005
version/zoho manageengine adaudit plus/7.0-7006
version/zoho manageengine adaudit plus/7.0-7007
version/zoho manageengine adaudit plus/7.0-7008
version/zoho manageengine adaudit plus/7.0-7050
version/zoho manageengine adaudit plus/7.0-7051
version/zoho manageengine adaudit plus/7.0-7052
version/zoho manageengine adaudit plus/7.0-7053
version/zoho manageengine adaudit plus/7.0-7054