PT-2019-7894 · Zoho · Zoho Manageengine Opmanager
Published 2019-05-23 · Updated 2019-05-24 · CVE-2017-11559
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ZOHO ManageEngine OpManager version 12.2
Description
An issue was discovered in the software: the apiKey parameter of the API endpoints "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
Recommendations
For ZOHO ManageEngine OpManager version 12.2, consider restricting access to the vulnerable API endpoints "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" to minimize the risk of exploitation, and avoid using the apiKey parameter in these endpoints until the issue is resolved.
Exploit
Fix
SQL injection
Weakness Enumeration
Related identifiers
Affected products
Zoho Manageengine Opmanager