CVE-2021-41288

EPSS 22.19%
Published 30.09.2021 19:15:07
Last modified 21.11.2024 06:25:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Opmanager Version <= 12.4

Zohocorp ≫ Manageengine Opmanager Version12.5 Update-

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125000

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125002

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125100

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125101

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125102

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125108

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125110

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125111

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125112

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125113

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125114

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125116

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125117

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125118

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125120

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125121

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125123

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125124

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125125

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125136

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125137

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125139

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125140

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125143

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125144

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125145

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125156

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125157

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125158

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125159

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125161

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125163

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125174

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125175

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125176

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125177

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125178

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125180

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125181

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125192

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125193

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125194

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125195

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125196

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125197

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125198

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125201

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125204

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125212

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125213

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125214

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125215

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125216

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125228

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125229

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125230

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125231

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125232

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125233

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125312

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125323

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125324

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125326

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125328

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125329

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125340

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125341

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125342

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125343

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125344

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125346

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125358

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125359

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125360

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125361

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125362

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125364

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125366

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125367

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125375

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125376

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125377

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125378

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125379

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125380

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125381

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125382

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125386

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125392

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125393

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125394

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125397

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125398

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125399

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125405

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125410

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125411

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125413

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125414

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125415

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125416

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125417

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125420

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125428

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125430

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125431

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125432

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125433

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125434

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125437

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125446

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125448

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125450

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125451

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125452

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125453

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125455

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125466

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	22.19%	0.953

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_125467

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-41288

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41288

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41288

EUVD