CVE-2021-40493

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

38.8%

top 2.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Opmanager

Timeline

PublishedOct 13

Latest updateMay 24

Description

Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_opmanager< 12.5+1

🔴Vulnerability Details

GHSA

GHSA-6jm2-895w-xj6m: Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module↗2022-05-24

▶

CVEList

CVE-2021-40493: Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module↗2021-10-13

▶