Security Updates

Authenticated SQL Injection Vulnerabilities fixed in ADAudit Plus build 8003

Severity: High

CVE ID: CVE-2024-36034, CVE-2024-36035

Affected Software Version(s): All ADAudit Plus builds below 8003

Fixed Version: Build 8003

Fixed on: April 29, 2024

Details: Authenticated SQL injection vulnerabilities in ADAudit Plus' User Session Recording and the Search function in Aggregate Reports have been fixed.

Impact: These vulnerabilities can allow an authenticated adversary to execute custom queries and access the database table entries using the vulnerable request.

Steps to Upgrade: Update your ADAudit Plus instance to the latest build — 8003 — using the service pack.

Acknowledgments: These issues were reported by Minh Vo Van (aka minhgalaxy) at bl4ckh0l3 from GalaxyOne.

Please contact support@adauditplus.com for more details.
