Intrusion PreventionManageEngine.OpManager.OPMDeviceDetailsServlet.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in Zoho ManageEngine OpManager.
This vulnerability is due to insufficient validation of the parameters in the HTTP requests. A remote, authenticated attacker could exploit this vulnerability by sending a web request with a malicious SQL query to the target server. Successful exploitation could lead to arbitrary SQL code execution in the security context of database service.
Affected Products
Zoho ManageEngine OpManager before 12.4 build 124089
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-09 | 25.618 | Name:Zoho. ManageEngine. OPMDeviceDetailsServlet. SQL. Injection:ManageEngine. OpManager. OPMDeviceDetailsServlet. SQL. Injection |
| 2022-07-15 | 21.357 | Default_action:pass:drop |
| 2022-07-06 | 21.351 |
| ID | 51740 |
| Created | Jun 27, 2022 |
| Updated | Aug 08, 2023 |
| Risk |
|
| CVE ID | CVE-2019-17602 |
| Exploit Prediction Score | 22.79% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux |
| Affected App | Other |