Security advisory for remote code execution vulnerability in Log360 UEBA


 

Vulnerability Details

Product name: Log360 UEBA

Severity: Critical

Affected software versions: 4060 to 4065

Fixed version: 4066

Fixed on: 17/06/2024

 

Details:

The ManageEngine Log360 UEBA product was affected by a remote code execution vulnerability caused by a vulnerable third-party dependency, Apache ActiveMQ (CVE-2023-46604). The issue was resolved by updating the ActiveMQ dependency to the secure version 5.16.7.

 

Impact:

This vulnerability can allow unauthenticated adversaries to execute code remotely.

 

What should I do?

Given the severity of this vulnerability, customers are strongly advised to update Log360 UEBA to the latest build, 4066, immediately.

Note: This issue only impacts Log360 UEBA versions 4060 to 4065; other versions are not affected.

For further details, please contact product support at support@log360.com.

