CVE-2019-17602

An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
zohocorpmanageengine_opmanager
𝑥
< 12.4
zohocorpmanageengine_opmanager
12.4
zohocorpmanageengine_opmanager
12.4:build124000
zohocorpmanageengine_opmanager
12.4:build124011
zohocorpmanageengine_opmanager
12.4:build124012
zohocorpmanageengine_opmanager
12.4:build124013
zohocorpmanageengine_opmanager
12.4:build124014
zohocorpmanageengine_opmanager
12.4:build124015
zohocorpmanageengine_opmanager
12.4:build124016
zohocorpmanageengine_opmanager
12.4:build124022
zohocorpmanageengine_opmanager
12.4:build124023
zohocorpmanageengine_opmanager
12.4:build124024
zohocorpmanageengine_opmanager
12.4:build124025
zohocorpmanageengine_opmanager
12.4:build124026
zohocorpmanageengine_opmanager
12.4:build124027
zohocorpmanageengine_opmanager
12.4:build124030
zohocorpmanageengine_opmanager
12.4:build124033
zohocorpmanageengine_opmanager
12.4:build124037
zohocorpmanageengine_opmanager
12.4:build124039
zohocorpmanageengine_opmanager
12.4:build124040
zohocorpmanageengine_opmanager
12.4:build124041
zohocorpmanageengine_opmanager
12.4:build124042
zohocorpmanageengine_opmanager
12.4:build124043
zohocorpmanageengine_opmanager
12.4:build124051
zohocorpmanageengine_opmanager
12.4:build124053
zohocorpmanageengine_opmanager
12.4:build124054
zohocorpmanageengine_opmanager
12.4:build124056
zohocorpmanageengine_opmanager
12.4:build124058
zohocorpmanageengine_opmanager
12.4:build124065
zohocorpmanageengine_opmanager
12.4:build124066
zohocorpmanageengine_opmanager
12.4:build124067
zohocorpmanageengine_opmanager
12.4:build124069
zohocorpmanageengine_opmanager
12.4:build124070
zohocorpmanageengine_opmanager
12.4:build124071
zohocorpmanageengine_opmanager
12.4:build124074
zohocorpmanageengine_opmanager
12.4:build124075
zohocorpmanageengine_opmanager
12.4:build124081
zohocorpmanageengine_opmanager
12.4:build124082
zohocorpmanageengine_opmanager
12.4:build124085
zohocorpmanageengine_opmanager
12.4:build124086
zohocorpmanageengine_opmanager
12.4:build124087
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/network-monitoring/help/read-me-complete.html
https://www.manageengine.com/network-monitoring/help/read-me-complete.html