Severity : High
CVE ID : CVE-2024-21733
Details :
A high severity vulnerability (CVE-2024-21733) impacting multiple versions of the Apache tomcat was disclosed publicly on January 19, 2024. The vulnerability impacts Apache Tomcat 8.5.7 to 8.5.63 and 9.0.0-M11 to 9.0.43. Find the details of this vulnerability documented here :
https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
ManageEngine products with affected tomcat version and updated version details :
| PRODUCT NAME | TOMCAT VERSION(S) | UPDATED ON | PRODUCT VERSION | STEPS TO UPGRADE |
|---|---|---|---|---|
| Active Directory 360 | 8.5.98 | 23/01/2024 | 4401 | https://www.manageengine.com/active-directory-360/service-pack.html |
| ADManager Plus | 8.5.98 | 22/01/2024 | 7223 | https://www.manageengine.com/products/ad-manager/service-pack.html |
| Cloud Security Plus | 9.0.84 | 26/01/2024 | 4200 | https://www.manageengine.com/cloud-security/service-pack.html |
| Exchange Reporter Plus | 8.5.87 | 24/01/2024 | 5715 | https://www.manageengine.com/products/exchange-reports/service-pack.html |
| Log360 UEBA | 8.5.98 | 25/01/2024 | 4056 | https://www.manageengine.com/log-management/ueba-release-notes.html#4046 |
| M365 Manager Plus | 8.5.98 | 24/01/2024 | 4606 | https://www.manageengine.com/microsoft-365-management-reporting/service-pack.html |
Given the severity of this vulnerability, customers are strongly advised to upgrade to the latest build of the above products immediately.
Note: Other ManageEngine products that are not listed above are not affected by this vulnerability, since the products already bundled with the safer tomcat versions. Please check more details here : https://www.manageengine.com/security/advisory/tomcat/Announcement-CVE-2024-21733.html
Please contact our product support or security@manageengine.com if you need any further assistance.