ManageEngine (Exchange Reporter Plus, ADManager Plus, and others) Family November 2024 Security Update Advisory

Overview

 

Zoho(https://www.zohocorp.com/) has released a security update that addresses a vulnerability in its ManageEngine suite of products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

Exchange Reporter Plus 5718 or below version

ADManager Plus 7241 previous version

ADAudit Plus 8121 previous version

 

Resolved Vulnerabilities

 

High Impact SQL Injection Vulnerability (CVE-2024-9459) in Exchange Reporter Plus [1]

High Impact SQL Injection Vulnerability in ADManager Plus (CVE-2024-48878) [2]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2024-36485) [3]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2024-5608) [4]

 

Vulnerability Patches

 

Please follow the security advisory published on November 5 to update to the appropriate and latest version.

Exchange Reporter Plus Build 5719 version

ADManager Plus 7250 version

ADAudit Plus Build 8121 version

 

Referenced Sites

 

[1] CVE-2024-9459 – SQL Injection Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-9459.html

[2] CVE-2024-48878 – SQL Injection Vulnerability

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html

[3] CVE-2024-36485 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2024-36485.html

[4] CVE-2024-5608 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2024-5608.html