
CVE-2026-4108

High
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report.
CWE-79 — Weakness Type
Published: Apr 3, 2026  ·  Modified: Apr 6, 2026  ·  Source: NVD
CVSS v3: 7.3
🔗 NVD Official
🤖 AI Executive Summary

ManageEngine Exchange Reporter Plus versions before 5802 contain a Stored XSS vulnerability in the Non-Owner Mailbox Permission report that allows authenticated attackers to inject malicious scripts. This vulnerability affects organizations managing Microsoft Exchange environments across Saudi Arabia, particularly those relying on ManageEngine for compliance reporting and mailbox auditing. With a CVSS score of 7.3, this poses a significant risk to data confidentiality and integrity in enterprise email environments.

🤖 AI Intelligence Analysis (analyzed: May 6, 2026 01:17)
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi banking institutions, government agencies, and large enterprises using ManageEngine Exchange Reporter Plus for mailbox auditing and compliance reporting. SAMA-regulated banks face heightened risk as email security and audit trail integrity are critical compliance requirements. Government entities under NCA oversight managing sensitive communications are at significant risk. Healthcare organizations (MOH, private hospitals) and energy sector companies (ARAMCO, utilities) relying on Exchange reporting for regulatory compliance could experience compromised audit logs. Telecom operators (STC, Mobily, Zain) managing enterprise email systems are also vulnerable. The stored nature of the XSS means persistent compromise of reporting integrity affecting multiple users accessing the same reports.
🏢 Affected Saudi Sectors
Banking and Financial Services; Government and Public Administration; Healthcare; Energy and Utilities; Telecommunications; Large Enterprises with Exchange Infrastructure
⚖️ Saudi Risk Score (AI): 7.8 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all ManageEngine Exchange Reporter Plus installations in your environment and document current versions
2. Restrict access to the Non-Owner Mailbox Permission report to authorized administrators only
3. Implement network-level controls to limit access to the ManageEngine console to trusted IP ranges
4. Review audit logs for any suspicious activity in mailbox permission reports

PATCHING GUIDANCE:
1. Upgrade to ManageEngine Exchange Reporter Plus version 5802 or later immediately when available
2. Contact Zoho support for patch availability timeline and deployment procedures
3. Test patches in non-production environments before production deployment

COMPENSATING CONTROLS (until patch available):
1. Implement Web Application Firewall (WAF) rules to detect and block XSS payloads in report parameters
2. Disable or restrict access to the Non-Owner Mailbox Permission report functionality if not actively used
3. Implement Content Security Policy (CSP) headers at the application level
4. Use browser-based security extensions to prevent XSS execution
5. Enforce multi-factor authentication for all ManageEngine console access

DETECTION RULES:
1. Monitor HTTP requests to ManageEngine for suspicious characters in report parameters (script tags, event handlers, encoded payloads)
2. Alert on any modifications to Non-Owner Mailbox Permission report data
3. Track user access patterns to mailbox permission reports for anomalies
4. Monitor for JavaScript execution in report rendering contexts
5. Log all report generation and export activities for forensic analysis
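As an added example (not from the advisory or from ManageEngine), the first detection rule applied to constructed access-log lines: the report route fragment, the log format and the event-handler list are assumptions, and parameter values are URL-decoded repeatedly so that encoded and double-encoded indicators are not missed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Hypothetical path fragment for the report endpoint; the real ManageEngine route is not on the page.
REPORT_PATH_HINT = "mailboxpermission"
# Indicator classes from the detection rules (script tags, event handlers, javascript: URLs), applied after decoding.
INDICATORS = [
    ("script_tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("event_handler", re.compile(r"\bon(?:load|error|click|mouseover|focus|input|submit)\s*=", re.I)),
    ("js_url", re.compile(r"javascript\s*:", re.I)),
]
# Combined-log-style line: client, ident, user, [timestamp], "request line", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def decode_fully(value, rounds=3):
    """URL-decode up to `rounds` times so double-encoded payloads are normalised."""
    for _ in range(rounds):
        value, prev = unquote(value), value
        if value == prev:
            break
    return value

def inspect_request(url):
    """Return sorted indicator labels found in the query string of a report request."""
    parts = urlsplit(url)
    if REPORT_PATH_HINT not in parts.path.lower():
        return []  # only the report route is in scope for this rule
    hits = set()
    for _name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = decode_fully(raw)  # parse_qsl decodes one layer; peel any further ones
        hits.update(label for label, rx in INDICATORS if rx.search(value))
    return sorted(hits)

def scan_log(lines):
    """Return (client, method, url, indicators) for each request that trips a rule."""
    findings = []
    for m in filter(None, map(LOG_RE.match, lines)):
        client, _ts, method, url, _status = m.groups()
        hits = inspect_request(url)
        if hits:
            findings.append((client, method, url, hits))
    return findings

# Constructed sample lines (not real traffic): benign, encoded script tag, double-encoded handler, off-scope path.
SAMPLE_LOG = [
    '10.0.0.5 - alice [03/Apr/2026:10:15:22 +0300] "GET /reports/MailboxPermission?user=alice&range=30d HTTP/1.1" 200 5120',
    '10.0.0.7 - bob [03/Apr/2026:10:16:01 +0300] "GET /reports/MailboxPermission?filter=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4880',
    '10.0.0.9 - carol [03/Apr/2026:10:17:45 +0300] "POST /reports/MailboxPermission?note=%2522%2520onerror%253Dx HTTP/1.1" 302 0',
    '10.0.0.5 - alice [03/Apr/2026:10:18:03 +0300] "GET /home?q=%3Cscript%3E HTTP/1.1" 200 900',
]
```

Feed `scan_log` the console's real access log and forward the findings to the SIEM; the pattern list is a starting point, not a substitute for the vendor patch.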
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
5.1.1 - Information Security Policies and Procedures
5.2.1 - Access Control Implementation
5.3.1 - Cryptography and Data Protection
5.4.1 - Audit and Accountability
5.5.1 - Incident Management
🔵 SAMA CSF
Governance - Security Policy and Risk Management
Protect - Access Control and Authentication
Protect - Data Protection and Privacy
Detect - Security Monitoring and Logging
Respond - Incident Response and Management
🟡 ISO 27001:2022
A.5.1 - Policies for information security
A.6.1 - Internal organization
A.8.1 - Asset management
A.9.1 - Access control
A.12.4 - Logging
A.14.2 - Development security
🟣 PCI DSS v4.0.1
Requirement 6.5.1 - Injection flaws prevention
Requirement 6.5.7 - Cross-site scripting (XSS) prevention
Requirement 10.2 - Logging and monitoring
Requirement 10.3 - Log protection
📦 Affected Products / CPE (4 entries)
zohocorp:manageengine_exchange_reporter_plus
zohocorp:manageengine_exchange_reporter_plus:5.8
zohocorp:manageengine_exchange_reporter_plus:5.8
zohocorp:manageengine_exchange_reporter_plus:5.8
📊 CVSS Score: 7.3 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Attack Vector: N — Network
Attack Complexity: L — Low
Privileges Required: L — Low
User Interaction: R — Required
Scope: U — Unchanged
Confidentiality: H — High
Integrity: H — High
Availability: N — None
📋 Quick Facts
Severity: High
CVSS Score: 7.3
CWE: CWE-79
EPSS: 0.02%
Exploit: No
Patch: ✗ No
Published: 2026-04-03
Source Feed: nvd
Views: 4
🇸🇦 Saudi Risk Score: 7.8 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-79