Security advisory for remote code execution vulnerability in Log360 UEBA

Security advisory for remote code execution vulnerability in Log360 UEBA

Security advisory for remote code execution vulnerability in Log360 UEBA

 

Vulnerability Details

Product name

Log360 UEBA

Severity

Critical

Affected software versions

4060 to 4065

Fixed version

4066

Fixed on

17/06/2024

 

Details:

The ManageEngine Log360 UEBA product was affected by a remote code execution vulnerability caused by a vulnerable third-party dependency, Apache ActiveMQ (CVE-2023-46604). The issue was resolved by updating the ActiveMQ dependency to the secure version 5.16.7.

 

Impact:

This vulnerability can allow unauthenticated adversaries to conduct remote code executions.

 

What should I do?

Given the severity of this vulnerability, customers are strongly advised to update Log360 UEBA to the latest build, 4066, immediately.

Note: This issue only impacts Log360 UEBA versions between 4060 and 4065; other versions are not affected.

Please get in touch with the product support for further details at support@log360.com



      • Topic Participants

      • Varun

        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                        Related Products