Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Zohocorp
  • Manageengine Exchange Reporter Plus

Configuration 1 [-]

OR cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5713:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5714:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5715:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5717:*:*:*:*:*:*

No data.

References
Link Providers
https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38871.html cve-icon cve-icon cve-icon
History

Wed, 11 Sep 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Zohocorp
Zohocorp manageengine Exchange Reporter Plus
CPEs cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5713:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5714:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5715:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5717:*:*:*:*:*:*
Vendors & Products Zohocorp
Zohocorp manageengine Exchange Reporter Plus
cve-icon MITRE

Status: PUBLISHED

Assigner: ManageEngine

Published: 2024-07-26T17:29:42.911Z

Updated: 2024-08-02T04:19:20.491Z

Reserved: 2024-06-20T13:15:39.620Z

Link: CVE-2024-38871

cve-icon Vulnrichment

Updated: 2024-08-02T04:19:20.491Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-26T18:15:03.137

Modified: 2024-09-11T15:29:50.230

Link: CVE-2024-38871

cve-icon Redhat

No data.