Overview
Zoho(https://www.zohocorp.com/) has released a security update that addresses a vulnerability in its ManageEngine suite of products. Users of affected products are advised to update to the latest version.
Affected Products
Exchange Reporter Plus build 5717 or below
Exchange Reporter Plus build 5717 or below
Resolved Vulnerabilities
High Impact SQL Injection Vulnerability (CVE-2024-38872) in Exchange Reporter Plus [1]
High Impact SQL Injection Vulnerability in Exchange Reporter Plus (CVE-2024-38871) [2]
Vulnerability Patches
Please follow the security advisory published on July 26, 2017 to update to the appropriate version and the latest version.
Exchange Reporter Plus build 5718 version
Exchange Reporter Plus build 5718 version
Referenced Sites
[1] CVE-2024-38872 – Authenticated SQL Injection Vulnerability
https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38872.html
[2] CVE-2024-38871 – Authenticated SQL Injection Vulnerability
https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38871.html
Article Link: ManageEngine (Exchange Reporter Plus, Exchange Reporter Plus) Family July 2024 Security Update Advisory – AhnLab