CVE-2024-5678

Medium

Low Medium High Critical

4.7

CVSS Score

Published: Aug 01, 2024

Last Modified: Aug 15, 2024

CWE: CWE-89

Vulnerability Description

Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Attack Vector

N

Attack Complexity

L

Privileges Required

H

User Interaction

N

Scope

U

Confidentiality

L

Integrity

L

Availability

L

Known Affected Software

57 configuration(s) from 1 vendor(s)

manageengine_applications_manager

Version:

13.1

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:build13100:*:*:*:*:*:*

manageengine_applications_manager

Version:

14.9

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.9:-:*:*:*:*:*:*

manageengine_applications_manager

Version:

17.0

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170005:*:*:*:*:*:*

manageengine_applications_manager

Version:

16.5

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16591:*:*:*:*:*:*

manageengine_applications_manager

Version:

16.0

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:16.0:build16000:*:*:*:*:*:*

manageengine_applications_manager

Version:

11.7

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:11.7:build11700:*:*:*:*:*:*

manageengine_applications_manager

Version:

16.7

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:16.7:build16705:*:*:*:*:*:*

manageengine_applications_manager

Version:

16.2

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:16.2:build16200:*:*:*:*:*:*

manageengine_applications_manager

Version:

16.6

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:16.6:build16690:*:*:*:*:*:*

manageengine_applications_manager

Version:

11.1

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:11.1:build11110:*:*:*:*:*:*

manageengine_applications_manager

Version:

11.9

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:11.9:build11900:*:*:*:*:*:*

manageengine_applications_manager

Version:

12.0

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:build12000:*:*:*:*:*:*

manageengine_applications_manager

Version:

12.4

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.4:*:*:*:*:*:*:*

manageengine_applications_manager

Version:

11.8

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:11.8:build11800:*:*:*:*:*:*

manageengine_applications_manager

Version:

12.8

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.8:build12810:*:*:*:*:*:*

manageengine_applications_manager

Version:

15.9

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:15.9:build15990:*:*:*:*:*:*

manageengine_applications_manager

Version:

14.3

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14300:*:*:*:*:*:*

manageengine_applications_manager

Version:

11.3

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:11.3:build11300:*:*:*:*:*:*

manageengine_applications_manager

Version:

13.7

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13740:*:*:*:*:*:*

manageengine_applications_manager

Version:

12.5

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.5:build12500:*:*:*:*:*:*

manageengine_applications_manager

Version:

14.1

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14100:*:*:*:*:*:*

manageengine_applications_manager

Version:

14.7

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14750:*:*:*:*:*:*

manageengine_applications_manager

Version:

13.2

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.2:build13200:*:*:*:*:*:*

manageengine_applications_manager

Version:

11.4

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:11.4:build11410:*:*:*:*:*:*

manageengine_applications_manager

Version:

14.4

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14400:*:*:*:*:*:*

manageengine_applications_manager

Version:

15.2

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:15.2:-:*:*:*:*:*:*

manageengine_applications_manager

Version:

12.9

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.9:build12900:*:*:*:*:*:*

manageengine_applications_manager

Version:

11.2

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2:build11200:*:*:*:*:*:*

manageengine_applications_manager

Version:

13.9

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13900:*:*:*:*:*:*

manageengine_applications_manager

Version:

15.0

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:15.0:-:*:*:*:*:*:*

manageengine_applications_manager

Version:

13.6

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13600:*:*:*:*:*:*

manageengine_applications_manager

Version:

12.6

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.6:build12600:*:*:*:*:*:*

manageengine_applications_manager

Version:

11.0

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11010:*:*:*:*:*:*

manageengine_applications_manager

Version:

12.1

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.1:build12100:*:*:*:*:*:*

manageengine_applications_manager

Version:

11.6

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:11.6:build11610:*:*:*:*:*:*

manageengine_applications_manager

Version:

16.8

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16845:*:*:*:*:*:*

manageengine_applications_manager

Version:

15.5

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:-:*:*:*:*:*:*

manageengine_applications_manager

Version:

13.13820

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.13820:*:*:*:*:*:*:*

manageengine_applications_manager

Version:

14.0

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14841:*:*:*:*:*:*

manageengine_applications_manager

Version:

14.6

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:-:*:*:*:*:*:*

manageengine_applications_manager

Version:

14.2

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:-:*:*:*:*:*:*

manageengine_applications_manager

Version:

13.5

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13500:*:*:*:*:*:*

manageengine_applications_manager

Version:

12.3

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.3:build12300:*:*:*:*:*:*

manageengine_applications_manager

Version:

15.1

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:15.1:-:*:*:*:*:*:*

manageengine_applications_manager

Version:

13.8

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13800:*:*:*:*:*:*

manageengine_applications_manager

Version:

12.7

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.7:build12700:*:*:*:*:*:*

manageengine_applications_manager

Version:

11.5

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:11.5:build11520:*:*:*:*:*:*

manageengine_applications_manager

Version:

14.8

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.8:*:*:*:*:*:*:*

manageengine_applications_manager

Version:

16.1

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:16.1:build16110:*:*:*:*:*:*

manageengine_applications_manager

Version:

13.0

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:build13000:*:*:*:*:*:*

manageengine_applications_manager

Version:

13

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13:*:*:*:*:*:*:*

manageengine_applications_manager

Version:

13.3

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.3:build13300:*:*:*:*:*:*

manageengine_applications_manager

Version:

12.2

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.2:build12200:*:*:*:*:*:*

manageengine_applications_manager

Version:

13.4

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13400:*:*:*:*:*:*

manageengine_applications_manager

Version:

16.3

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16300:*:*:*:*:*:*

manageengine_applications_manager

Version:

14.5

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14550:*:*:*:*:*:*

manageengine_applications_manager

Version:

16.4

CPE:

cpe:2.3:a:zohocorp:manageengine_applications_manager:16.4:build16400:*:*:*:*:*:*

This vulnerability affects 57 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-5678.html
0fc0942c-577d-436f-ae8e-945763c79b02 Vendor Advisory

Severity Details

4.7

out of 10.0

Medium

Weakness Type (CWE)

CWE-89 Top 25 #3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a…
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base

View CWE Details on MITRE

Key Information

Published Date: August 01, 2024

External Resources

NIST

National Vulnerability Database

Official CVE record

Related News Articles

Latest news and updates about CVE-2024-5678

Multiple Vulnerabilities Identified in Red Hat Linux Kernel (January 30, 2026) - Red Hat, Linux kernel, vulnerabilities

Mar 29, 2026

Multiple Vulnerabilities Identified in Red Hat Linux Kernel (January 30, 2026)

Multiple critical vulnerabilities have been identified in the Red Hat Linux kernel, posing significant risks to system security.

Multiple Vulnerabilities Identified in SUSE Linux Kernel (January 30, 2026) - SUSE Linux, kernel vulnerabilities, buffer overflow

Mar 29, 2026

Multiple Vulnerabilities Identified in SUSE Linux Kernel (January 30, 2026)

Multiple critical vulnerabilities have been identified in the SUSE Linux kernel, posing significant risks to system security. Immediate action is…

N8n Vulnerabilities: Remote Code Execution Risk - n8n, vulnerability, remote code execution

Mar 29, 2026

N8n Vulnerabilities: Remote Code Execution Risk

Two critical vulnerabilities in n8n's sandbox mechanism could lead to remote code execution if exploited.

Linux Security Alert: Exploited Vulnerabilities Raise Concern - Linux security, vulnerabilities, Telnet

Mar 29, 2026

Linux Security Alert: Exploited Vulnerabilities Raise Concern

Organizations worldwide have been warned about critical vulnerabilities in Linux systems that have been actively exploited by threat actors.

Hackers Exploit Multiple Zero-Days at Pwn2Own Automotive 2026 - Pwn2Own Automotive, zero-day vulnerabilities, automotive security

Mar 29, 2026

Hackers Exploit Multiple Zero-Days at Pwn2Own Automotive 2026

Hackers exploit 29 zero-day vulnerabilities on the second day of Pwn2Own Automotive, demonstrating the evolving threat landscape in automotive cybersecurity.

Mar 29, 2026

ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & More

A roundup of cybersecurity threats for this week, including Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, and Crypto Scams.

View All Related Articles