Zoho released a security update for a critical SQL injection flaw in ADAudit Plus (CVE-2024-49574), fixed in version 8123 on November 8, 2024.
The SQL injection vulnerability was found in ADAudit Plus, a popular tool for Active Directory auditing and monitoring. The flaw was in the report generation feature and could be exploited by an authenticated attacker.
SQL Injection Vulnerability (CVE-2024-49574)
The vulnerability, CVE-2024-49574, allowed an authenticated attacker to run arbitrary SQL queries on the system. Exploiting this flaw could give an attacker access to database tables, allowing them to view, modify, or delete sensitive data.
This vulnerability posed a serious security threat to organizations using ADAudit Plus to monitor their Active Directory.
According to a report from ManageEngine, the risk was particularly concerning due to the potential for unauthorized database access. An attacker could undermine the integrity of audit data, compromising Active Directory monitoring and opening the door to further security breaches.
Zoho has issued an urgent call for all ADAudit Plus users to update to build 8123, which addresses a critical SQL injection vulnerability. The update is essential to prevent potential exploitation and protect sensitive data. Users can download the service pack directly from the official website or use the product’s built-in update mechanism for a quick upgrade.
To mitigate the risk, it’s crucial that users upgrade their ADAudit Plus instance to the latest build (8123) without delay. The update process is designed to be straightforward, utilizing the service pack provided by ManageEngine to ensure a seamless installation.
Zoho’s internal security team discovered the vulnerability and acted swiftly to develop a fix. This proactive approach underscores the importance of keeping software up-to-date to defend against emerging threats.
Zoho continues to advise all users to prioritize the update as part of a comprehensive security strategy, especially given the critical nature of this vulnerability and its potential impact on Active Directory monitoring.
This update is essential for organizations using ADAudit Plus for security monitoring. Zoho stresses the importance of keeping software updated to prevent exploitation of known vulnerabilities.