CVE-2024-9459

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 5, 2024

Updated: Nov 6, 2024

CWE ID 89

Summary

CVE-2024-9459 is a new vulnerability affecting Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and earlier. This issue permits authenticated attackers to inject SQL queries into reports, potentially gaining unauthorized access to sensitive data or even taking control of the affected system. Successful exploitation relies on the attacker's ability to manipulate report input fields, making it crucial for administrators to patch their systems promptly to mitigate risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Zoho Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zKkHwN
https://www.cve.org/CVERecord?id=CVE-2024-9459
https://nvd.nist.gov/vuln/detail/CVE-2024-9459

Back to Vulnerability Database

CVE-2024-9459

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations