Threat Encyclopedia

Zoho.ManageEngine.OpManager.CVE-2022-29535.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit an SQL Injection Vulnerability in ManageEngine OpManager.
This vulnerability is due to insufficient validation of the parameters in the HTTP requests when processing default reports. A remote, authenticated attacker could exploit this vulnerability by sending a web request with a malicious SQL query to the target server. Successful exploitation could lead to arbitrary SQL code execution in the security context of database service.

affected-products-logoAffected Products

ManageEngine OpManager 12.5 Build 125617 and below

Impact logoImpact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/network-monitoring/security-updates/cve-2022-29535.html

CVE References

CVE-2022-29535