[Critical] ManageEngine EventLog Analyzer - Security advisory regarding unauthenticated product integration vulnerability.
Dear Patrons,
We would like to inform you that the latest version of EventLog Analyzer, build 12136, fixes a critical security issue. Please go ahead and read about the issue and how to fix this issue in your deployment.
What is the issue?
EventLog Analyzer had a vulnerable endpoint (CVE-2020-24786) that allowed users to integrate their installation with other ManageEngine product installations, bypassing authentication. This could potentially lead to a data leak.
Who are all affected?
All users of EventLog Analyzer who use versions below 12136.
What is the severity level of the issue?
This is a critical issue. As this vulnerability can be exploited, without authentication, from any publicly exposed installation of EventLog Analyzer, the risk associated with it is high.
How can I check if my installation has been compromised?
Steps to check if your installation has been compromised:
Login to the EventLog Analyzer console
In case you have integrated EventLog Analyzer with Log360 or any other ManageEngine products, do check if their configuration settings are the same and have not been modified. Verify that the Email Server settings (Admin > Email settings) is the same and has not been changed.
In Domain Settings, check if new, additional, or illegitimate domains have been configured.
What should I do if my instance is compromised?
If you find your EventLog Analyzer instance to be compromised, do upgrade to build 12136 immediately by contacting us at support@eventloganalyzer.com.
Even if your installation is not compromised, if you are on any EventLog Analyzer build below 12136, it is advisable to upgrade immediately.
For any queries or technical assistance to help with the product upgrade, feel free to reply to this email. Our technical support engineers will be happy to assist you.
Regards,
Subha
ManageEngine EventLog Analyzer