Lucene search

ManageEngineCVELIST:CVE-2024-21775

HistoryFeb 16, 2024 - 2:35 p.m.

CVE-2024-21775 SQL Injection

2024-02-1614:35:11

CWE-89

ManageEngine

www.cve.org

cve-2024-21775

sql injection

zoho manageengine exchange reporter plus

vulnerable

authenticated

report exporting

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

8.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.

CNA Affected

[
  {
    "collectionURL": "https://www.manageengine.com/products/exchange-reports/download.html",
    "defaultStatus": "affected",
    "platforms": [
      "Windows"
    ],
    "product": "Exchange Reporter Plus",
    "vendor": "ManageEngine",
    "versions": [
      {
        "lessThan": "5714",
        "status": "affected",
        "version": "0",
        "versionType": "5714"
      }
    ]
  }
]

References

www.manageengine.com/products/exchange-reports/advisory/CVE-2024-21775.html

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

8.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-21775