PT-2019-15223 · Zoho · Zoho ManageEngine OpManager
Published: 2019-10-15 · Updated: 2021-05-04 · CVE-2019-17602
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine OpManager versions prior to 12.4 build 124089
Description
The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this issue could be exploited either unauthenticated or authenticated.
Recommendations
Update to version 12.4 build 124089 or later to resolve the issue. As a temporary workaround, consider restricting access to the OPMDeviceDetailsServlet servlet to minimize the risk of exploitation.
Fix
SQL injection
Affected Products
Zoho ManageEngine OpManager