Introducing ADAudit Plus' Attack Surface Analyzer—Detect 25+ AD attacks and identify risky Azure configurations. Learn more×

Support

Phone Get Quote

Support

US: +1 888 720 9500

US: +1 888 791 1189

Intl: +1 925 924 9500

Aus: +1 800 631 268

UK: 0800 028 6590

CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Authenticated SQL Injection Vulnerabilities fixed in ADAudit Plus build 8003

Severity: High

CVE ID: CVE-2024-36034, CVE-2024-36035

Affected Software Version(s): All ADAudit Plus builds below 8003

Fixed Version: Build 8003

Fixed on: April 29, 2024

Details: Authenticated SQL injection vulnerabilities in ADAudit Plus' User Session Recording and the Search function in Aggregate Reports have been fixed.

Impact: These vulnerabilities can allow an authenticated adversary to execute custom queries and access the database table entries using the vulnerable request.

Steps to Upgrade: Update your ADAudit Plus instance to the latest build — 8003 — using the service pack.

Acknowledgments: These issues were reported by Minh Vo Van (aka minhgalaxy) at bl4ckh0l3 from GalaxyOne.

Please contact support@adauditplus.com for more details.

Active Directory auditing

Windows file auditing

NAS device file auditing

Windows server auditing

Workstation auditing

Entra ID auditing

All features →

Help documents

Video zone

Webinars

Product brochures

Case studies

E-books

Awards zone

Study

How tos

Best practices

Security Updates

Authenticated SQL Injection Vulnerabilities fixed in ADAudit Plus build 8003

ADAudit Plus Trusted By

Meet all auditing and IT security needs with ADAudit Plus.

A single pane of glass for complete Active Directory Auditing and Reporting