Unauthorized Local Access in Zoho ManageEngine ADAudit Plus (7.260)
CVE-2024-36036 Published on May 27, 2024
Insufficient Access Control Vulnerability
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.
Vulnerability Analysis
CVE-2024-36036 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2024-36036 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2024-36036
Want to know whenever a new CVE is published for Zoho Corp Manageengine Adaudit Plus? stack.watch will email you.
Affected Versions
ManageEngine ADAudit Plus:- Before 7270 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.