Insufficient Access Control Vulnerability fixed in ADAudit Plus build 7270

Vulnerability details
Severity	Medium
CVE ID	CVE-2024-36036
Affected software versions	All ADAudit Plus builds below 7270
Fixed version	Build 7270
Fixed on	December 29, 2023

Details

A vulnerability due to insufficient access control enforcement on ADAudit Plus' agent configuration data managed in registry has been fixed.

Impact

This vulnerability could allow a malicious insider to send a crafted, authenticated RPC request and modify the affected machine's agent configuration.

Steps to upgrade

Update your ADAudit Plus instance to the latest build — 7270 — using the service pack.

Acknowledgements

This issue was reported by Andreas from Shelltrail.

Please contact support@adauditplus.com for more details.

Active Directory

Microsoft Entra ID

Windows file servers

Windows servers

Workstations

NAS file servers

Change auditing

Logon monitoring

Lockout analysis

Privileged user monitoring

File auditing

Compliance reporting

Threat detection and response

All features →

SOX

HIPAA

PCI DSS

GLBA

FISMA

GDPR

ISO 27001

Security Updates

Insufficient Access Control Vulnerability fixed in ADAudit Plus build 7270

Details

Impact

Steps to upgrade

Acknowledgements

ADAudit Plus Trusted By

Meet all auditing and IT security needs with ADAudit Plus.

A single pane of glass for complete Active Directory Auditing and Reporting