CVE-2021-41075

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

26.4%

top 3.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Opmanager

Timeline

PublishedOct 13

Latest updateMay 24

Description

The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_opmanager< 12.5+1

🔴Vulnerability Details

GHSA

GHSA-rc52-7mp4-hcrq: The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API↗2022-05-24

▶

CVEList

CVE-2021-41075: The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API↗2021-10-13

▶