ManageEngine Exchange Reporter Plus Remote Code Execution Vulnerability Alert

Recently, ManageEngine officially released a new version of Exchange Reporter Plus to fix a remote code execution vulnerability. The vulnerability stems from the Java servlet ‘ADSHACluster’, which executes a ‘bcp.exe’ file; an attacker can abuse the ‘BCP_EXE’ parameter to execute code remotely.

ManageEngine Exchange Reporter Plus is a web-based Microsoft Exchange Server analysis and reporting solution. It is comprehensive MS Exchange reporting software that provides over 100 different reports covering all aspects of the Microsoft Exchange Server environment.

Affected version

  • ManageEngine Exchange Reporter Plus <= 5310

Unaffected version

  • ManageEngine Exchange Reporter Plus 5311

Solution

ManageEngine has released a new version that fixes the above vulnerability, and affected users should update to it for protection.
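
To review past exposure alongside the update, the following added example (not part of the original alert and not ManageEngine code) scans web access logs for requests that name the ADSHACluster servlet and records whether BCP_EXE is visible in the query string. The log layout, the placeholder paths and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Servlet and parameter names come from the advisory text above.
SERVLET, PARAM = "adshacluster", "bcp_exe"
# Assumption: Common/Combined Log Format; adapt to the server's real layout.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def find_servlet_hits(lines):
    """Return (hits, unparsed) for requests whose path names the servlet."""
    hits, unparsed = [], 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # count unparsed lines instead of dropping them silently
            continue
        parts = urlsplit(m["target"])
        # Decode percent-escapes so an encoded servlet name still matches.
        if SERVLET not in unquote(parts.path).lower():
            continue
        params = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
        hits.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]),
            # Request bodies are not logged, so False does not clear the request.
            "param_in_query": PARAM in params})
    return hits, unparsed

def hits_by_source(hits):
    """Group hit timestamps by client address for follow-up."""
    grouped = defaultdict(list)
    for h in hits:
        grouped[h["ip"]].append(h["time"])
    return dict(grouped)

# Constructed sample lines; paths, addresses and dates are placeholders.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /placeholder/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2020:10:00:05 +0000] "POST /placeholder/ADSHACluster HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2020:10:00:09 +0000] "POST /placeholder/%41DSHACluster?BCP_EXE=x HTTP/1.1" 200 0',
    'truncated line without a request',
]

if __name__ == "__main__":
    found, skipped = find_servlet_hits(SAMPLE)
    print(hits_by_source(found), "unparsed:", skipped)
```

Any hit on a host still running build 5310 or earlier warrants a closer look at that server, whether or not the parameter shows up in the logged URL.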
