CVE-2024-9459

Zohocorp ManageEngineExchange Reporter Plus versions5718 and prior are vulnerable to authenticated SQL Injection in reports module.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
ManageEngineCNA
8.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
zohocorpmanageengine_exchange_reporter_plus
𝑥
< 5.7
zohocorpmanageengine_exchange_reporter_plus
5.7
zohocorpmanageengine_exchange_reporter_plus
5.7:5700
zohocorpmanageengine_exchange_reporter_plus
5.7:5701
zohocorpmanageengine_exchange_reporter_plus
5.7:5702
zohocorpmanageengine_exchange_reporter_plus
5.7:5703
zohocorpmanageengine_exchange_reporter_plus
5.7:5704
zohocorpmanageengine_exchange_reporter_plus
5.7:5705
zohocorpmanageengine_exchange_reporter_plus
5.7:5706
zohocorpmanageengine_exchange_reporter_plus
5.7:5707
zohocorpmanageengine_exchange_reporter_plus
5.7:5708
zohocorpmanageengine_exchange_reporter_plus
5.7:5709
zohocorpmanageengine_exchange_reporter_plus
5.7:5710
zohocorpmanageengine_exchange_reporter_plus
5.7:5711
zohocorpmanageengine_exchange_reporter_plus
5.7:5712
zohocorpmanageengine_exchange_reporter_plus
5.7:5713
zohocorpmanageengine_exchange_reporter_plus
5.7:5714
zohocorpmanageengine_exchange_reporter_plus
5.7:5715
zohocorpmanageengine_exchange_reporter_plus
5.7:5717
zohocorpmanageengine_exchange_reporter_plus
5.7:5718
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-9459.html