What is the issue?

Log360 had a vulnerable endpoint (CVE-2020-24786) that allowed users to integrate their installation with other ManageEngine product installations, bypassing authentication. This could potentially lead to a data leak.

Who are all affected?

All users of Log360 versions below 5166.

What is the severity level of the issue?

This is a critical issue. As this vulnerability can be exploited, without authentication, from any publicly exposed installation of Log360, the risk associated with it is high.

How can I check if my installation has been compromised?

Steps to check if your installation has been compromised:

• Login to the Log360 console, and:
  

1. In case you have integrated Log360 with Log360 or any other ManageEngine products, do check if their configuration settings are the same and have not been modified.

2. Verify that the Email Server settings (Admin > Email settings) are the same and have not been changed.

3. In Domain Settings, check if new, additional, or illegitimate domains have been configured.

What should I do if my instance is compromised?

If you find your Log360 instance to be compromised, do upgrade to build 5166 immediately by contacting us at log360-support@manageengine.com.

Even if your installation is not compromised, if you are on any Log360 build below 5166, it is advisable to upgrade immediately, 

For any queries or technical assistance to help with the product upgrade, feel free to reply to this email. Our technical support engineers will be happy to assist you.

Regards