Háng Dæ°Æ¡Ng TrầN

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Network Configuration Manager versions prior to 125465 **Description** The issue is related to SQL Injection in the hardware details search function. **Recommendations** For versions prior to 125465, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ManageEngine Network Configuration Manager versions prior to 125465 **Description** The issue concerns a SQL Injection vulnerability in the configuration search of ManageEngine Network Configuration Manager. **Recommendations** For ManageEngine Network Configuration Manager versions prior to 125465, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the configuration search functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine OpManager versions prior to 125437 **Description** The issue concerns a SQL Injection vulnerability in the support diagnostics module. This occurs via the `pollingObject` parameter of the "getDataCollectionFailureReason API" endpoint. **Recommendations** For versions prior to 125437, update to version 125437 or later to resolve the issue. As a temporary workaround, consider restricting access to the "getDataCollectionFailureReason API" endpoint to minimize the risk of exploitation. Avoid using the `pollingObject` parameter in the affected API endpoint until the issue is resolved.