Lucene search
ManageEngineCVE-2024-38871HistoryJul 26, 2024 - 6:15 p.m.
CVE-2024-38871
2024-07-2618:15:03
CWE-89
ManageEngine
web.nvd.nist.gov
25
20
zohocorp manageengine
exchange reporter plus
sql injection
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
31.9%
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
Affected configurations
Node
zohocorpmanageengine_exchange_reporter_plusRange<5.7
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75700
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75701
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75702
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75703
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75704
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75705
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75706
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75707
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75708
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75709
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75710
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75711
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75712
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75713
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75714
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75715
ORzohocorpmanageengine_exchange_reporter_plusMatch5.75717
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_exchange_reporter_plus | * | cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:* |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:* |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:* |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:* |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:* |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:* |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:* |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:* |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:* |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:* |
CNA Affected
[
{
"collectionURL": "https://www.manageengine.com/",
"defaultStatus": "unaffected",
"product": "Exchange Reporter Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "5717",
"status": "affected",
"version": "0",
"versionType": "5717"
}
]
}
]Social References
More
Related
nvd
nvd
CVE-2024-38871
2024-07-26 18:15:03
vulnrichment
vulnrichment
CVE-2024-38871 SQL Injection
2024-07-26 17:29:42
cvelist
cvelist
CVE-2024-38871 SQL Injection
2024-07-26 17:29:42
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
31.9%
Related for CVE-2024-38871