[CVE-2022-24978] Privilege Escalation Vulnerability - ManageEngine ADAudit Plus

Severity: High

CVEID: CVE-2022-24978

Affected Software Version(s): Build 7054 and below

Fixed Version: Build 7055

Fixed on: 8th March, 2022

Details: CVE-2022-24978 is a vulnerability in ManageEngine ADAudit Plus that allows a low-privileged user to access the plaintext password of the integrated ADManager Plus login account. This issue has been fixed by removing the password field from the JSON response.
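The fix described above can be turned into a regression check on captured API responses. The following is an added example, not code from ManageEngine or from the reporter; the field names, the key-name heuristic and both sample responses are constructed assumptions, since the advisory does not publish the actual response schema.

```python
import json
import re

# Key names treated as credential-bearing (assumed heuristic, not the product's schema).
SECRET_KEY = re.compile(r"passw(or)?d|passphrase|pwd|secret", re.IGNORECASE)
# Empty or fully masked values are not a disclosure.
MASKED = re.compile(r"^[*•]*$")


def _try_parse(text):
    """Return parsed JSON if text looks like a JSON object/array, else None."""
    if text[:1] not in ("{", "["):
        return None
    try:
        return json.loads(text)
    except ValueError:
        return None


def find_exposed_secrets(node, path="$"):
    """Walk parsed JSON; return (json_path, key) for each secret-like key
    that carries a non-empty, unmasked string value."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if isinstance(value, str):
                nested = _try_parse(value)  # JSON embedded as a string value
                if nested is not None:
                    findings += find_exposed_secrets(nested, child)
                elif SECRET_KEY.search(key) and not MASKED.match(value.strip()):
                    findings.append((child, key))
            else:
                findings += find_exposed_secrets(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings += find_exposed_secrets(item, f"{path}[{i}]")
    return findings


# Constructed responses; hypothetical field names, not taken from ADAudit Plus.
BEFORE_FIX = {
    "integration": {"product": "ADManager Plus", "userName": "svc-admp",
                    "password": "Constructed-Passw0rd!"},
    "settings": json.dumps({"proxy": {"proxyPwd": "constructed"}}),
    "history": [{"user": "alice", "password": "********"}],
}
AFTER_FIX = {"integration": {"product": "ADManager Plus", "userName": "svc-admp"}}

if __name__ == "__main__":
    print(find_exposed_secrets(BEFORE_FIX), find_exposed_secrets(AFTER_FIX))
```

Run it over responses recorded while logged in as the lowest-privileged role; any finding means a credential is still being serialized to a user who should not see it.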

Impact: As the password is disclosed in plaintext, a low-privileged attacker can gain elevated privileges, depending on the privileges of the integrated ADManager Plus login account.

Steps to upgrade: Update your ADAudit Plus instance to build 7055 using the service pack.

Acknowledgments: This issue was reported by Sahil Dhar.