We have addressed a recently discovered authentication bypass vulnerability affecting the REST API URLs in Log360. This article provides more information on the issue and how to resolve it.
What is the issue?
An authentication bypass vulnerability affecting REST API URLs.
What is the severity of the vulnerability?
This is a critical issue.
Which versions of Log360 are affected?
Log360 builds up to 5228 are affected.
How does it impact Log360 users?
This vulnerability allows attackers to gain unauthorized access to the product through REST API endpoints by sending a specially crafted request. This would allow the attacker to carry out subsequent attacks.
Is there a fix for this issue?
This vulnerability can be exploited in unpatched Log360 installations. We recommend you to update Log360 to the latest build (5229) using the service pack as soon as possible.
If you need further information, have any questions, or face any difficulties in updating Log360, please get in touch with us at log360-support@manageengine.com, or 1-925-924-9500 (toll-free).