8.8
CVE-2022-24978
- EPSS 0.23%
- Veröffentlicht 05.04.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:51:29
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Adaudit Plus Version <= 6.0
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7000
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7002
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7003
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7004
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7005
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7006
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7007
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7008
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7050
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7051
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7052
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7053
Zohocorp ≫ Manageengine Adaudit Plus Version7.0 Update7054
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.459 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.