Introducing ADAudit Plus' Attack Surface Analyzer—Detect 25+ AD attacks and identify risky Azure configurations. Learn more×
 
Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Security Updates

Insufficient Access Control Vulnerability fixed in ADAudit Plus build 7270

Vulnerability details
Severity Medium
CVE ID CVE-2024-36037
Affected software versions All ADAudit Plus builds below 7270
Fixed version Build 7270
Fixed on December 29, 2023

Details

A vulnerability in ADAudit Plus due to insufficient access control enforcement on the session recording storage folder on agent-installed machines has been fixed.

Impact

This vulnerability could allow an insider with an authenticated session to view the recorded session data of other users on the affected machine.

Steps to upgrade

Update your ADAudit Plus instance to the latest build — 7270 — using the service pack.

Acknowledgements

This issue was reported by Andreas from Shelltrail.

Please contact support@adauditplus.com for more details.

ADAudit Plus Trusted By