virus logo Intrusion Prevention

ManageEngine.Applications.Manager.Monitor.Type.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit an SQL injection Vulnerability in Zoho Corporation ManageEngine Application Manager.
The vulnerability is due to improper validation of user-supplied input when processing the request in Custom Monitor Type module. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of arbitrary SQL statement, potentially leading to the execution of arbitrary code in the security context of the SYSTEM.

affected-products-logoAffected Products

Zoho Corporation ManageEngine Application Manager prior to 15 build 15001

Impact logoImpact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/applications_manager/issues.html#v15001

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2023-08-07 25.615
Modified
 Name:Zoho.
ME.
Applications.
Manager.
Custom.
Monitor.
Type.
SQL.
Injection:ManageEngine.
Applications.
Manager.
Monitor.
Type.
SQL.
Injection
2021-04-26 18.066
Modified
 Default_action:pass:drop
2021-04-13 18.057
New
ID 50140
Created Apr 06, 2021
Updated Aug 03, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other
Profile Type SQL Injection