Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Manageengine_adaudit_plus | Zohocorp | * | 6.0 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7000 (including) | 7.0-7000 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7002 (including) | 7.0-7002 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7003 (including) | 7.0-7003 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7004 (including) | 7.0-7004 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7005 (including) | 7.0-7005 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7006 (including) | 7.0-7006 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7007 (including) | 7.0-7007 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7008 (including) | 7.0-7008 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7050 (including) | 7.0-7050 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7051 (including) | 7.0-7051 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7052 (including) | 7.0-7052 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7053 (including) | 7.0-7053 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0-7054 (including) | 7.0-7054 (including) |