PT-2022-18683 · Zoho · Zoho Manageengine Opmanager

Anh Vu

Published

2022-04-18

Updated

2022-04-26

CVE-2022-27908

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine OpManager versions prior to 125588 Zoho ManageEngine OpManager versions prior to 125603

Description The issue concerns an authenticated SQL Injection in the Inventory Reports module.

Recommendations For versions prior to 125588, update to version 125588 or later. For versions prior to 125603, update to version 125603 or later.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2022-27908

Affected Products

Zoho Manageengine Opmanager

PT-2022-18683 · Zoho · Zoho Manageengine Opmanager

CVE-2022-27908

Weakness Enumeration

Related Identifiers

Affected Products

References · 4