ManageEngine, a leading provider of IT service management solutions, has issued security advisories for multiple SQL injection vulnerabilities affecting its ADAudit and OpManager products.
In this article, we’ll go through the details of these vulnerabilities, their impact, and the steps needed to mitigate them.
ManageEngine ADAudit
ManageEngine ADAudit Plus, a popular tool for auditing Active Directory and file servers, has been found vulnerable to six authenticated SQL injection vulnerabilities. These flaws, identified as CVE-2024-36514, CVE-2024-36515, CVE-2024-36516, CVE-2024-36517, CVE-2024-5467, and CVE-2024-5490, affect versions below 8000 and 8121.
The vulnerabilities were discovered in various features of ADAudit Plus, including the file summary option, dashboard, alerts module, account lockout report, aggregate reports option, and reports module. An attacker with authenticated access to these features could potentially inject malicious SQL code, leading to unauthorized data access, modification, or deletion.
ManageEngine OpManager
ManageEngine OpManager, a network management solution, has been found vulnerable to a remote code execution flaw. Identified as CVE-2024-5466, this vulnerability affects versions 128329 and below. An attacker could exploit this flaw to execute arbitrary code on the affected system, potentially leading to a complete compromise of the network.
What is Authenticated SQL Injection?
Authenticated SQL injection is a type of vulnerability that allows an attacker to inject malicious SQL code into a database query, but only after they have already authenticated with the system. In these attacks, a malicious user can manipulate SQL queries to bypass application logic, retrieve unauthorized data, modify database contents, execute administrative operations on the database, or even gain a remote shell on the affected server.
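The following is an added illustration, not ManageEngine code and not taken from the advisories: a report query built by string concatenation next to a parameterized form, showing that a valid login does not stop user-supplied text from changing the query. The table, function names, sample rows and filter value are all constructed for this example.

```python
import sqlite3

ALLOWED_SORT = {"account", "id"}  # identifiers cannot be bound, so allow-list them

# Constructed input: a quote closes the string literal and appends a condition.
CONSTRUCTED_FILTER = "%' OR '1'='1"

def make_db():
    """Constructed sample data: lockout events owned by two users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE lockout_events "
               "(id INTEGER PRIMARY KEY, owner TEXT, account TEXT)")
    db.executemany("INSERT INTO lockout_events (owner, account) VALUES (?, ?)",
                   [("alice", "svc-backup"), ("alice", "jdoe"), ("bob", "admin-bob")])
    return db

def report_vulnerable(db, session_user, account_filter, sort_by="account"):
    # session_user comes from a valid login, yet the filter is still
    # user-controlled text that becomes part of the SQL statement.
    sql = ("SELECT account FROM lockout_events WHERE owner = '" + session_user +
           "' AND account LIKE '" + account_filter + "' ORDER BY " + sort_by)
    return [row[0] for row in db.execute(sql)]

def report_hardened(db, session_user, account_filter, sort_by="account"):
    if sort_by not in ALLOWED_SORT:
        raise ValueError("unsupported sort column")
    # Values are bound as parameters: compared as data, never parsed as SQL.
    sql = ("SELECT account FROM lockout_events WHERE owner = ? AND account LIKE ? "
           "ORDER BY " + sort_by)
    return [row[0] for row in db.execute(sql, (session_user, account_filter))]

if __name__ == "__main__":
    db = make_db()
    print("normal    :", report_hardened(db, "alice", "%"))
    print("vulnerable:", report_vulnerable(db, "alice", CONSTRUCTED_FILTER))
    print("hardened  :", report_hardened(db, "alice", CONSTRUCTED_FILTER))
```

With the concatenated query, the report run as alice also returns the row owned by bob; with bound parameters the same input is treated as a literal pattern and matches nothing.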
The Fix
To mitigate these vulnerabilities, ManageEngine has released patches for affected versions of ADAudit Plus and OpManager. It is important to follow the vendor’s instructions and to apply these patches as soon as possible to ensure the security and integrity of your IT infrastructure.