Intrusion PreventionManageEngine.OpManager.CVE-2022-29535.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in ManageEngine OpManager.
This vulnerability is due to insufficient validation of the parameters in the HTTP requests when processing default reports. A remote, authenticated attacker could exploit this vulnerability by sending a web request with a malicious SQL query to the target server. Successful exploitation could lead to arbitrary SQL code execution in the security context of database service.
Affected Products
ManageEngine OpManager 12.5 Build 125617 and below
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/network-monitoring/security-updates/cve-2022-29535.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-09 | 25.618 | Name:Zoho. ManageEngine. OpManager. CVE-2022-29535. SQL. Injection:ManageEngine. OpManager. CVE-2022-29535. SQL. Injection |
| 2022-06-01 | 21.328 | Default_action:pass:drop |
| 2022-05-25 | 20.321 |
| ID | 51550 |
| Created | May 16, 2022 |
| Updated | Aug 08, 2023 |
| Risk |
|
| CVE ID | CVE-2022-29535 |
| Exploit Prediction Score | 8.88% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux |
| Affected App | Other |