Primary

Context

ManageEngine Log360 Authentication Bypass Vulnerability in V1 API

Vulnerability

Patched

An authentication bypass vulnerability has been identified in ManageEngine Log360, affecting versions 13000 through 13013. This vulnerability arises from improper filter configuration, which allows certain actions to bypass authentication requirements. As a result, unauthorized users may gain access to restricted data and operations via the exposed V1 APIs.

Impact

Exploitation of this vulnerability allows for authentication bypass on the exposed V1 APIs, potentially leading to unauthorized access to data and operations.

Remediation

Users can update to Log360 build 13017 or the latest version using the available service pack. Instructions for downloading the service pack are available on the ManageEngine Log360 website.

Added: Apr 16, 2026, 3:24 PM

Updated: Apr 16, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

7.4

remediation

7.7

relevance

6.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

7.4

remediation

7.7

relevance

6.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ManageEngine Log360 Authentication Bypass Vulnerability in V1 API

Vulnerability

Impact

Remediation

Affected Products

ManageEngine Log360

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating