9.8
CVE-2019-17602
- EPSS 58.63%
- Published 15.10.2019 21:15:11
- Last modified 21.11.2024 04:32:37
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
Data is provided by the National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Opmanager Version < 12.4
Zohocorp ≫ Manageengine Opmanager Version12.4 Update-
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124000
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124011
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124012
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124013
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124014
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124015
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124016
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124022
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124023
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124024
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124025
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124026
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124027
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124030
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124033
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124037
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124039
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124040
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124041
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124042
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124043
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124051
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124053
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124054
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124056
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124058
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124065
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124066
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124067
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124069
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124070
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124071
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124074
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124075
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124081
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124082
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124085
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124086
Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124087
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 58.63% | 0.981 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.