ManageEngine (Exchange Reporter Plus, Exchange Reporter Plus) Family July 2024 Security Update Advisory

Overview

 

Zoho(https://www.zohocorp.com/) has released a security update that addresses a vulnerability in its ManageEngine suite of products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

Exchange Reporter Plus build 5717 or below

Exchange Reporter Plus build 5717 or below

 

Resolved Vulnerabilities

 

High Impact SQL Injection Vulnerability (CVE-2024-38872) in Exchange Reporter Plus [1]

High Impact SQL Injection Vulnerability in Exchange Reporter Plus (CVE-2024-38871) [2]

 

Vulnerability Patches

 

Please follow the security advisory published on July 26, 2017 to update to the appropriate version and the latest version.

Exchange Reporter Plus build 5718 version

Exchange Reporter Plus build 5718 version

 

Referenced Sites

 

[1] CVE-2024-38872 – Authenticated SQL Injection Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38872.html

[2] CVE-2024-38871 – Authenticated SQL Injection Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38871.html

Article Link: ManageEngine (Exchange Reporter Plus, Exchange Reporter Plus) Family July 2024 Security Update Advisory – AhnLab