We would like to inform you that the latest version of Log360, build 5166, fixes a critical security issue.
Some versions of Log360 are affected by a vulnerability that allows unauthenticated changes to the integration system, which was reported on Medium by Florian Hauser. This article explains how you can identify whether your Log360 installation (including the add-ons) is affected, and how to fix it. It also offers the steps to protect your installation even if it is not affected.
What is the issue?
Log360 had a vulnerable (CVE-2020-24786) endpoint that allowed users to integrate their installation with other ManageEngine product installations, bypassing authentication. This could potentially lead to a data leak.
Who is affected?
All users of Log360 running builds below 5166.
What is the severity level of the issue?
This is a critical issue. Because the vulnerability can be exploited without authentication against any publicly exposed installation of Log360, the associated risk is high.
How can I check if my installation has been compromised?
Steps to check if your installation has been compromised:
Log in to the Log360 console.
If you have integrated Log360 with another Log360 instance or any other ManageEngine product, check that their configuration settings are the same and have not been modified.
Verify that the Email Server settings (Admin > Email settings) are the same and have not been changed.
In Domain Settings, check whether any new, additional, or illegitimate domains have been configured.
What should I do if my instance is compromised?
Even if your installation is not compromised, if you are on any Log360 build below 5166, it is advisable to upgrade immediately.
For any queries or technical assistance to help with the product upgrade, feel free to reply to this email. Our technical support engineers will be happy to assist you.
ManageEngine Log360 Team