CVE-2024-6748

CWE-89SQL Injection3 documents3 sources
Severity
8.3HIGH
EPSS
3.6%
top 12.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Manageengine Opmanager
Timeline
PublishedJul 29

Description

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages1 packages

CVEListV5manageengine/opmanager128317

🔴Vulnerability Details

2
CVEList
SQL Injection2024-07-29
GHSA
GHSA-86q3-fjwx-gw6h: Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the2024-07-29
CVE-2024-6748 (HIGH CVSS 8.3) | Zohocorp ManageEngine OpManager | cvebase.io