CVE-2018-20173

Опубликовано: 17 дек. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.

Ссылки

https://www.manageengine.com/network-monitoring/help/read-me.html
Release Notes
Vendor Advisory
https://www.manageengine.com/network-monitoring/help/read-me.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build12300:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123222:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123223:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123224:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123229:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123230:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123231:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123237:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12833

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-mfq7-6cvc-529c