9.8

CVE-2021-41080

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123123
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123129
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123137
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123151
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123156
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123159
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123169
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123177
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123179
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123191
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123194
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123206
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123207
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123214
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123215
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123217
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123218
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123222
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123223
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123231
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123237
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123239
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123274
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123277
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123279
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123288
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123304
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123306
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123312
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123323
ZohocorpManageengine Network Configuration Manager Version12.3 Updatebuild123327
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125000
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125108
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125112
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125115
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125116
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125120
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125121
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125125
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125129
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125136
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125142
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125149
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125180
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125195
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125199
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125212
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125213
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125216
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125228
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125232
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125233
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125234
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125323
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125325
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125327
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125329
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125343
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125345
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125358
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125362
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125363
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125378
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125392
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125399
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125417
ZohocorpManageengine Network Configuration Manager Version12.5 Updatebuild125445
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 22.82% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.