Severity : High

CVE ID : CVE-2024-21733

Details :
A high-severity vulnerability (CVE-2024-21733) impacting multiple versions of Apache Tomcat was publicly disclosed on January 19, 2024. It affects Apache Tomcat 8.5.7 to 8.5.63 and 9.0.0-M11 to 9.0.43. Details of the vulnerability are documented here:
https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
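To check a Tomcat version string against the affected ranges above, including the milestone lower bound 9.0.0-M11, the following added example can be used. It is not ManageEngine or Apache code; the function names and sample inputs are assumptions made for illustration.

```python
import re

RELEASE = float("inf")  # a final release sorts after every milestone build

# Affected ranges exactly as stated in the advisory (inclusive on both ends).
AFFECTED_RANGES = [("8.5.7", "8.5.63"), ("9.0.0-M11", "9.0.43")]

# Matches x.y.z with an optional milestone suffix written as -M11 or .M11.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")


def parse_tomcat_version(text):
    """Return (major, minor, patch, milestone) from a version string.

    Accepts "8.5.63", "9.0.0-M11", "9.0.0.M11" and the
    "Apache Tomcat/9.0.43" form; raises ValueError otherwise.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch, milestone = match.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone is not None else RELEASE)


def is_affected(version_text):
    """True if the version falls inside one of the advisory's ranges."""
    version = parse_tomcat_version(version_text)
    return any(parse_tomcat_version(low) <= version <= parse_tomcat_version(high)
               for low, high in AFFECTED_RANGES)


# Constructed sample inputs, not taken from any real host.
SAMPLES = ["Apache Tomcat/8.5.63", "8.5.6", "9.0.0.M10", "9.0.0-M11",
           "9.0.0", "9.0.43", "9.0.84", "8.5.98"]

if __name__ == "__main__":
    for sample in SAMPLES:
        status = "AFFECTED" if is_affected(sample) else "not affected"
        print(f"{sample:24} {status}")
```

The check covers only the Tomcat version itself; the table below lists the product builds that ship the updated Tomcat.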

ManageEngine products with an affected Tomcat version, and their updated version details:

| PRODUCT NAME | TOMCAT VERSION(S) | UPDATED ON | PRODUCT VERSION | STEPS TO UPGRADE |
|---|---|---|---|---|
| Active Directory 360 | 8.5.98 | 23/01/2024 | 4401 | https://www.manageengine.com/active-directory-360/service-pack.html |
| ADManager Plus | 8.5.98 | 22/01/2024 | 7223 | https://www.manageengine.com/products/ad-manager/service-pack.html |
| Cloud Security Plus | 9.0.84 | 26/01/2024 | 4200 | https://www.manageengine.com/cloud-security/service-pack.html |
| Exchange Reporter Plus | 8.5.87 | 24/01/2024 | 5715 | https://www.manageengine.com/products/exchange-reports/service-pack.html |
| Log360 UEBA | 8.5.98 | 25/01/2024 | 4056 | https://www.manageengine.com/log-management/ueba-release-notes.html#4046 |
| M365 Manager Plus | 8.5.98 | 24/01/2024 | 4606 | https://www.manageengine.com/microsoft-365-management-reporting/service-pack.html |

Given the severity of this vulnerability, customers are strongly advised to upgrade to the latest build of the above products immediately.

Note: ManageEngine products not listed above are not affected by this vulnerability, since they are already bundled with safer Tomcat versions. For more details, see: https://www.manageengine.com/security/advisory/tomcat/Announcement-CVE-2024-21733.html

Please contact our product support or security@manageengine.com if you need any further assistance.