CVE-2024-5678

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
01/08/2024
Last modified:
15/08/2024

Description

Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:* 16.8 (excluding)
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16800:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16810:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16820:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16830:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16840:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16841:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16842:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16843:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170200:*:*:*:*:*:*