CVE-2022-24978

HIGH

Zohocorp Manageengine Adaudit Plus < 6.0 - Cleartext Transmission

Title source: rule

Description

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.

References (2)

[Vendor Advisory] https://manageengine.com

[Patch, Vendor Advisory] https://pitstop.manageengine.com/portal/en/community/topic/cve-2022-24978-privilege-escalation-vulnerability-manageengine-adaudit-plus

Scores

CVSS v3 8.8

EPSS 0.0023

EPSS Percentile 45.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-319 CWE-522

Status published

Affected Products (14)

zohocorp/manageengine_adaudit_plus < 6.0

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

zohocorp/manageengine_adaudit_plus

Timeline

Published Apr 05, 2022

Tracked Since Feb 18, 2026