ManageEngine Exchange Reporter Plus vulnerable to SQL injection
CVE-2024-38872

8.8HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Exchange Reporter Plus
Vendor: CVE Published:; 26 July 2024

What is CVE-2024-38872?

The vulnerability present in Zohocorp's ManageEngine Exchange Reporter Plus, specifically in versions 5717 and earlier, allows attackers to exploit an authenticated SQL injection within the monitoring module. This security flaw could enable unauthorized access to the database, potentially exposing sensitive data and compromising system integrity. Organizations utilizing affected versions should implement immediate mitigations while monitoring for any unusual activities.

References

https://www.manageengine.com/products/exchange-reports/ad...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2024