2024-11-05 07:03:20 +00:00
{
"id" : "CVE-2024-9459" ,
"sourceIdentifier" : "0fc0942c-577d-436f-ae8e-945763c79b02" ,
"published" : "2024-11-05T06:15:06.057" ,
2024-11-06 17:03:24 +00:00
"lastModified" : "2024-11-06T15:29:04.917" ,
"vulnStatus" : "Analyzed" ,
2024-11-05 07:03:20 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "Zohocorp ManageEngine\u00a0Exchange Reporter Plus versions\u00a05718 and prior are vulnerable to authenticated SQL Injection in reports module."
}
] ,
"metrics" : {
"cvssMetricV31" : [
2024-11-06 17:03:24 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 8.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 5.9
} ,
2024-11-05 07:03:20 +00:00
{
"source" : "0fc0942c-577d-436f-ae8e-945763c79b02" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "LOW" ,
"baseScore" : 8.3 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 5.5
}
]
} ,
"weaknesses" : [
2024-11-06 17:03:24 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-89"
}
]
} ,
2024-11-05 07:03:20 +00:00
{
"source" : "0fc0942c-577d-436f-ae8e-945763c79b02" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-89"
}
]
}
] ,
2024-11-06 17:03:24 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.7" ,
"matchCriteriaId" : "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "3FC399C6-4299-4744-9FC5-13CFE7478164"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*" ,
"matchCriteriaId" : "E913F3D6-9F94-4130-94FF-37F4D81BAEF4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*" ,
"matchCriteriaId" : "34D23B58-2BB8-40EE-952C-1595988335CC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*" ,
"matchCriteriaId" : "322920C4-4487-4E44-9C40-2959F478A4FA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*" ,
"matchCriteriaId" : "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*" ,
"matchCriteriaId" : "014DB85C-DB28-4EBB-971A-6F8F964CE6FE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*" ,
"matchCriteriaId" : "5E9B0013-ABF8-4616-BC92-15DF9F5CB359"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*" ,
"matchCriteriaId" : "5B744F32-FD43-47B8-875C-6777177677CD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*" ,
"matchCriteriaId" : "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*" ,
"matchCriteriaId" : "D3012C17-87F5-4FFD-B67B-BEFF2A390613"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*" ,
"matchCriteriaId" : "1E33D368-2D81-4C7E-9405-7C0A86E97217"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*" ,
"matchCriteriaId" : "7AA9384F-6401-4495-B558-23E5A7A7528C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*" ,
"matchCriteriaId" : "E492F955-0734-4AE4-A59F-572ADF0CFE75"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*" ,
"matchCriteriaId" : "11B71FFC-FD2E-4F84-BB1E-55BCA5B51099"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5713:*:*:*:*:*:*" ,
"matchCriteriaId" : "531AFEFB-BBE6-42B2-8D37-B4098324AA87"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5714:*:*:*:*:*:*" ,
"matchCriteriaId" : "01F80C71-110D-4776-B13F-08FCDE125B81"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5715:*:*:*:*:*:*" ,
"matchCriteriaId" : "2A6D8AAD-49B9-4216-9A81-A449A5D5549C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5717:*:*:*:*:*:*" ,
"matchCriteriaId" : "852DBCE6-B926-4B5B-B8C2-86569355153D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5718:*:*:*:*:*:*" ,
"matchCriteriaId" : "D5E6DB9D-4919-4827-A9F6-1DFCB78F4004"
}
]
}
]
}
] ,
2024-11-05 07:03:20 +00:00
"references" : [
{
"url" : "https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-9459.html" ,
2024-11-06 17:03:24 +00:00
"source" : "0fc0942c-577d-436f-ae8e-945763c79b02" ,
"tags" : [
"Vendor Advisory"
]
2024-11-05 07:03:20 +00:00
}
]
}
