Insufficient Access Control Vulnerability fixed in ADAudit Plus build 7270

Vulnerability details
Severity	Medium
CVE ID	CVE-2024-36037
Affected software versions	All ADAudit Plus builds below 7270
Fixed version	Build 7270
Fixed on	December 29, 2023

Details

A vulnerability in ADAudit Plus due to insufficient access control enforcement on the session recording storage folder on agent-installed machines has been fixed.

Impact

This vulnerability could allow an insider with an authenticated session to view the recorded session data of other users on the affected machine.

Steps to upgrade

Update your ADAudit Plus instance to the latest build — 7270 — using the service pack.

Acknowledgements

This issue was reported by Andreas from Shelltrail.

Please contact support@adauditplus.com for more details.

Active Directory auditing

Windows file auditing

NAS device file auditing

Windows server auditing

Workstation auditing

Entra ID auditing

All features →

Help documents

Video zone

Webinars

Product brochures

Case studies

E-books

Awards zone

Study

How tos

Best practices

Security Updates

Insufficient Access Control Vulnerability fixed in ADAudit Plus build 7270

Details

Impact

Steps to upgrade

Acknowledgements

ADAudit Plus Trusted By

Meet all auditing and IT security needs with ADAudit Plus.

A single pane of glass for complete Active Directory Auditing and Reporting