Severity : High
CVE ID : CVE-2024-21733
Details :
A High severity vulnerability (CVE-2024-21733) has recently been disclosed, affecting various versions of the Apache Tomcat server. We want to assure our customers that many of our ManageEngine products use safer Tomcat versions that are not affected by this CVE. Here, we have included the safer Tomcat versions and the dates on which they were updated in ManageEngine products, so that our customers can verify their installations and update them to the safer/latest versions.
The ManageEngine products below are listed with their bundled Tomcat version and update details (as of 26th January, 2024):
PRODUCT NAME | TOMCAT VERSION(S) | UPDATED TO SAFER VERSION ON | UPDATED PRODUCT VERSION | CURRENT PRODUCT VERSION |
---|---|---|---|---|
Access Manager Plus | 9.0.54 | Mar 2022 | 4300 | 4313 |
ADAudit Plus | 9.0.54 | Dec 2022 | 7090 | 7272 |
ADSelfService Plus | 8.5.91 | Aug 2023 | 6304 | 6402 |
Analytics Plus | 9.0.54 | Dec 2022 | 5200 | 5330 |
App Creator | 9.0.54 | Dec 2021 | 101 | 200 |
Application Control Plus | 8.5.78 | July 2022 | 10.1.2147.2 | 11.2.2335.12 |
Applications Manager | 9.0.70 | Apr 2023 | 16430 | 16810 |
Asset Explorer | 9.0.54 | Dec 2021 | 6954 | 7320 |
Browser Security Plus | 8.5.72 | Aug 2022 | 10.1.2220.2 | 11.2.2315.18 |
Data Security Plus | 9.0.50 | May 2022 | 6070 | 6131 |
Device Control Plus | 8.5.78 | July 2022 | 10.1.2147.2 | 11.3.2400.6 |
Endpoint Central | 8.5.78 | July 2022 | 10.1.2147.2 | 11.2.2325.24 |
Endpoint Central MSP | 8.5.78 | July 2022 | 10.1.2147.2 | 11.2.2325.24 |
Endpoint DLP | 8.5.78 | July 2022 | 10.1.2134.01 | 10.1.2137.06 |
EventLog Analyzer | 9.0.82 | Mar 2023 | 12336 | 12410 |
Firewall Analyzer | 9.0.82 | Apr 2023 | 127000 | 128151 |
Key Manager Plus | 9.0.54 | June 2022 | 6300 | 6650 |
Log360 | 9.0.82 | Mar 2023 | 5345 | 5410 |
Mobile Device Manager Plus | 8.5.72 | Aug 2022 | 10.1.2205.9 | 10.1.2400.1 |
Mobile Device Manager Plus MSP | 8.5.72 | Aug 2022 | 10.1.2205.9 | 10.1.2400.1 |
NetFlow Analyzer | 9.0.82 | Apr 2023 | 127000 | 128151 |
Network Configuration Manager | 9.0.82 | Apr 2023 | 127000 | 128151 |
OpManager | 9.0.82 | Apr 2023 | 127000 | 128151 |
OpUtils | 9.0.82 | Apr 2023 | 127000 | 128151 |
OSDeployer | 8.5.78 | Feb 2022 | 1.1.2205.1 | 1.2.2351.1 |
PAM360 | 9.0.54 | Apr 2022 | 5400 | 6530 |
Password Manager Pro | 9.0.54 | Nov 2021 | 12000 | 12410 |
Patch Connect Plus | 8.5.72 | Jan 2022 | 90103 | 90128 |
Patch Manager Plus | 8.5.78 | July 2022 | 10.1.2147.2 | 11.2.2325.24 |
Recovery Manager Plus | 9.0.80 | June 2023 | 6074 | 6100 |
Remote Access Plus | 8.5.78 | July 2022 | 10.1.2147.2 | 11.2.2325.22 |
Remote Monitoring & Management (RMM) | 8.5.78 | Aug 2022 | 10.2.20 | 10.2.21 |
Secure Gateway Server | 8.5.72 | Feb 2022 | 90094 | 90104 |
ServiceDesk Plus | 9.0.54 | Dec 2021 | 12004 | 14620 |
ServiceDesk Plus MSP | 9.0.54 | Oct 2022 | 13000 | 14610 |
SharePoint Manager Plus | 9.0.73 | Aug 2023 | 4405 | 4500 |
Support Center Plus | 9.0.54 | Feb 2023 | 14000 | 14610 |
Vulnerability Manager Plus | 8.5.78 | July 2022 | 10.1.2147.2 | 11.3.2400.06 |
Note: A few of our ManageEngine products that are not listed above are affected by this vulnerability and have had Tomcat updated to the safer version. For more details, see: https://www.manageengine.com/security/advisory/tomcat/Advisory-CVE-2024-21733.html
Please contact our product support or security@manageengine.com if you need any further assistance.