PT-2021-23242 · Zoho · Zoho Manageengine Opmanager

Published

2021-09-30

Updated

2021-10-07

CVE-2021-41288

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine OpManager versions 125466 and below

Description The issue concerns SQL Injection in the getReportData API endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For versions 125466 and below, update to a version above 125466 to resolve the SQL Injection issue in the getReportData API endpoint. As a temporary workaround, consider restricting access to the getReportData API endpoint until a patch is available.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-41288

Affected Products

Zoho Manageengine Opmanager

PT-2021-23242 · Zoho · Zoho Manageengine Opmanager

CVE-2021-41288

Weakness Enumeration

Related Identifiers

Affected Products

References · 4