CVE-2019-17602

Опубликовано: 15 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.

Ссылки

https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Release Notes
Vendor Advisory
https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*

Версия до 12.4 (исключая)

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124011:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124012:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124013:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124014:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124015:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124016:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124022:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124023:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124024:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124025:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124026:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124027:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124030:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124033:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124037:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124039:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124040:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124041:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124042:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124043:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124051:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124053:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124054:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124056:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124058:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124065:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124066:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124067:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124069:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124070:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124071:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124074:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124075:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124081:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124082:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124085:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124086:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124087:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.58634

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-c53x-hwmf-5w37

github

больше 3 лет назад