PT-2020-15837 · Zoho Manageengine · Adselfservice Plus+10

Florian Hauser · Published 2020-08-31 · Updated 2020-09-10 · CVE-2020-24786

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine Exchange Reporter Plus versions prior to build number 5510
Zoho ManageEngine AD360 versions prior to build number 4228
Zoho ManageEngine ADSelfService Plus versions prior to build number 5817
Zoho ManageEngine DataSecurity Plus versions prior to build number 6033
Zoho ManageEngine RecoverManager Plus versions prior to build number 6017
Zoho ManageEngine EventLog Analyzer versions prior to build number 12136
Zoho ManageEngine ADAudit Plus versions prior to build number 6052
Zoho ManageEngine O365 Manager Plus versions prior to build number 4334
Zoho ManageEngine Cloud Security Plus versions prior to build number 4110
Zoho ManageEngine ADManager Plus versions prior to build number 7055
Zoho ManageEngine Log360 versions prior to build number 5166

Description

An issue was discovered in the specified Zoho ManageEngine products. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. This allows system integration properties to be modified, potentially leading to a full ManageEngine suite compromise.

Recommendations

For Zoho ManageEngine Exchange Reporter Plus versions prior to build number 5510, update to build number 5510 or later.
For Zoho ManageEngine AD360 versions prior to build number 4228, update to build number 4228 or later.
For Zoho ManageEngine ADSelfService Plus versions prior to build number 5817, update to build number 5817 or later.
For Zoho ManageEngine DataSecurity Plus versions prior to build number 6033, update to build number 6033 or later.
For Zoho ManageEngine RecoverManager Plus versions prior to build number 6017, update to build number 6017 or later.
For Zoho ManageEngine EventLog Analyzer versions prior to build number 12136, update to build number 12136 or later.
For Zoho ManageEngine ADAudit Plus versions prior to build number 6052, update to build number 6052 or later.
For Zoho ManageEngine O365 Manager Plus versions prior to build number 4334, update to build number 4334 or later.
For Zoho ManageEngine Cloud Security Plus versions prior to build number 4110, update to build number 4110 or later.
For Zoho ManageEngine ADManager Plus versions prior to build number 7055, update to build number 7055 or later.
For Zoho ManageEngine Log360 versions prior to build number 5166, update to build number 5166 or later.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-24786

Affected Products

Ad360
Adaudit Plus
Admanager Plus
Adselfservice Plus
Cloud Security Plus
Datasecurity Plus
Eventlog Analyzer
Exchange Reporter Plus
Log360
O365 Manager Plus
Recovermanager Plus