CVE-2024-38872

Name of the Vulnerable Software and Affected Versions Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below

Description The issue is related to the monitoring module of Zohocorp ManageEngine Exchange Reporter Plus, where the software fails to properly protect the SQL query structure, leading to an authenticated SQL injection vulnerability. This vulnerability can be exploited by a remote attacker to execute arbitrary SQL queries on the database.

Recommendations For versions 5717 and below, consider disabling the monitoring module as a temporary workaround until a patch is available. Restrict access to the monitoring module to minimize the risk of exploitation. Avoid using the monitoring module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.