How to fix the unauthenticated product integration vulnerability

How to fix the unauthenticated product integration vulnerability


Hello Everyone,

We wanted to let you know that a security vulnerability was detected in Exchange Reporter Plus and we have fixed it. This article explains how you can fix this issue.

What is the issue?

Exchange Reporter Plus had a vulnerable endpoint which allowed a user to integrate Exchange Reporter Plus with any other supported ManageEngine product, bypassing authentication. This could lead to data leak.

Which version of Exchange Reporter Plus is affected?

All Exchange Reporter Plus builds below 5510 are affected.

What is the severity level of the vulnerability?

This is a critical issue. As this vulnerability could be exploited without authentication, from any publicly exposed Exchange Reporter Plus installation, the risks posed could be critical.

Is there a fix for this issue?

Update the product to the latest build, 5510, using the service pack.

If you need further information, have any questions, or face any difficulties upgrading or performing the recommended steps, please get in touch with us at 
support@exchangereporterplus.com, or +1 408-916-9891 (toll free).