PT-2024-37844 · Zoho · Zoho Manageengine Opmanager+3
Cokebeer
+2
·
Published
2024-07-29
·
Updated
2024-07-30
·
CVE-2024-6748
CVSS v3.1
8.3
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below
Description
The issue concerns an authenticated SQL injection vulnerability in the URL monitoring feature.
Recommendations
For versions 128317 and below, consider restricting access to the URL monitoring feature until a fix is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opmanager Msp
Opmanager Plus
Opmanager Rmm
Zoho Manageengine Opmanager