Some versions of Cloud Security Plus are affected by an unauthenticated integration-change vulnerability, which was reported on Medium by Florian Hauser. This article explains how to identify whether your Cloud Security Plus installation is affected and how to fix it. It also gives the steps to protect your installation even if it is not affected.
What is the issue?
Cloud Security Plus had a vulnerable endpoint (CVE-2020-24786) that allowed users to integrate their installation with other ManageEngine product installations while bypassing authentication. This could potentially lead to a data leak.
Who is affected?
All users of Cloud Security Plus versions below 4110.
What is the severity level of the issue?
This is a critical issue. Because the vulnerability can be exploited without authentication against any publicly exposed installation of Cloud Security Plus, the associated risk is high.
How can I check if my installation has been compromised?
Steps to check if your installation has been compromised:
Log in to the Cloud Security Plus console, and:
1. If you have integrated Cloud Security Plus with Log360 or any other ManageEngine product, check that their configuration settings are unchanged and have not been modified.
2. Verify that the Email Server settings (Admin > Email settings) are unchanged.
3. In Domain Settings, check whether any new, additional, or illegitimate domains have been configured.
What should I do if my instance is compromised?
If you find that your Cloud Security Plus instance has been compromised, upgrade to build 4110 immediately by contacting us at firstname.lastname@example.org.
Even if your installation has not been compromised, if you are on any Cloud Security Plus build below 4110, it is advisable to upgrade immediately.
For any queries or technical assistance to help with the product upgrade, feel free to reply to this email. Our technical support engineers will be happy to assist you.