PT-2023-18594 · Zoho · Zoho Manageengine Exchange Reporter Plus

Kyodream · Published 2023-01-17 · Updated 2023-01-23 · CVE-2023-22624

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine Exchange Reporter Plus versions prior to 5708

Description

The issue allows attackers to conduct XXE (XML External Entity) attacks. This type of attack occurs when an application parses XML input that contains malicious external entity references, which can lead to unauthorized access to sensitive data or other malicious activities.

Recommendations

For versions prior to 5708, update to version 5708 or later to resolve the issue. As a temporary workaround, consider restricting XML input parsing to minimize the risk of exploitation.

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2023-22624

Affected Products

Zoho Manageengine Exchange Reporter Plus