PT-2019-15223 · Zoho · Zoho Manageengine Opmanager
Published 2019-10-15 · Updated 2021-05-04
CVE-2019-17602
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine OpManager versions prior to 12.4 build 124089
Description
An issue was discovered in the software, where the OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this issue could be exploited either unauthenticated or authenticated.
Recommendations
For versions prior to 12.4 build 124089, update to version 12.4 build 124089 or later to resolve the issue. As a temporary workaround, consider restricting access to the OPMDeviceDetailsServlet servlet to minimize the risk of exploitation.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Opmanager