CVE-2024-5586 | ManageEngine - ADAudit Plus Operational Intel

Executive Risk Summary

"ManageEngine ADAudit Plus versions below 8121 are vulnerable to authenticated SQL injection in the extranet lockouts report option, allowing attackers to potentially extract or modify sensitive data. This vulnerability requires authentication, limiting the attack vector to authorized users."

Anticipated Attack Path

1. Authentication to ADAudit Plus
2. Access to extranet lockouts report option
3. Injection of malicious SQL code

Am I Vulnerable?

Verify ADAudit Plus version
Review database access logs for suspicious activity
Limit user access to sensitive data

Operational Audit Arsenal

Target Type Windows Service

Target Asset ADAuditPlus.exe

Standard Path C:\Program Files\ManageEngine\ADAudit Plus\bin

Manual Verification Required

This is a non-Windows asset (Zohocorp). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Likely

Minimal, but may require brief service downtime

Internal Work Notes

Apply patch to ADAudit Plus to mitigate SQL injection vulnerability (CVE-2024-5586)

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://www.manageengine.com/products/active-directory-audit/cve-2024-5586.html

Related Zohocorp Threats

CVE-2025-8324 CVSS 9.8

ManageEngine Analytics Plus - Analytics Plus Service

CVE-2025-3835 CVSS 9.6

ManageEngine Exchange Reporter Plus - Content Search module

CVE-2025-11250 CVSS 9.1

ManageEngine ADSelfService Plus - Authentication Module

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.