CVE-2024-5678

Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16800:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16810:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16820:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16830:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16840:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16841:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16842:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16843:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170400:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170500:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170600:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170700:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170800:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170900:*:*:*:*:*:*

History

15 Aug 2024, 18:05

Type Values Removed Values Added
First Time Zohocorp
Zohocorp manageengine Applications Manager
CPE cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16820:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16842:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170500:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16841:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16830:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170600:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170700:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16810:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16840:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170900:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16800:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170800:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170400:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16843:*:*:*:*:*:*
References () https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-5678.html - () https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-5678.html - Vendor Advisory

01 Aug 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Zohocorp ManageEngine Applications Manager versiones 170900 e inferiores son vulnerables a la inyección SQL autenticada solo para administradores en la función Create Monitor.

01 Aug 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-01 07:15

Updated : 2024-08-15 18:05


NVD link : CVE-2024-5678

Mitre link : CVE-2024-5678

CVE.ORG link : CVE-2024-5678


JSON object : View

Products Affected

zohocorp

  • manageengine_applications_manager
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')