CVE-2019-17602

An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.

Published: Oct 15, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-17602
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_opmanager	-	12.4
zohocorp / manageengine_opmanager	12.4	12.4.x
zohocorp / manageengine_opmanager	12.4-build124016	12.4-build124016.x
zohocorp / manageengine_opmanager	12.4-build124015	12.4-build124015.x
zohocorp / manageengine_opmanager	12.4-build124039	12.4-build124039.x
zohocorp / manageengine_opmanager	12.4-build124037	12.4-build124037.x
zohocorp / manageengine_opmanager	12.4-build124041	12.4-build124041.x
zohocorp / manageengine_opmanager	12.4-build124040	12.4-build124040.x
zohocorp / manageengine_opmanager	12.4-build124043	12.4-build124043.x
zohocorp / manageengine_opmanager	12.4-build124042	12.4-build124042.x
zohocorp / manageengine_opmanager	12.4-build124053	12.4-build124053.x
zohocorp / manageengine_opmanager	12.4-build124051	12.4-build124051.x
zohocorp / manageengine_opmanager	12.4-build124023	12.4-build124023.x
zohocorp / manageengine_opmanager	12.4-build124022	12.4-build124022.x
zohocorp / manageengine_opmanager	12.4-build124025	12.4-build124025.x
zohocorp / manageengine_opmanager	12.4-build124024	12.4-build124024.x
zohocorp / manageengine_opmanager	12.4-build124027	12.4-build124027.x
zohocorp / manageengine_opmanager	12.4-build124026	12.4-build124026.x
zohocorp / manageengine_opmanager	12.4-build124033	12.4-build124033.x
zohocorp / manageengine_opmanager	12.4-build124030	12.4-build124030.x
zohocorp / manageengine_opmanager	12.4-build124074	12.4-build124074.x
zohocorp / manageengine_opmanager	12.4-build124071	12.4-build124071.x
zohocorp / manageengine_opmanager	12.4-build124081	12.4-build124081.x
zohocorp / manageengine_opmanager	12.4-build124075	12.4-build124075.x
zohocorp / manageengine_opmanager	12.4-build124085	12.4-build124085.x
zohocorp / manageengine_opmanager	12.4-build124082	12.4-build124082.x
zohocorp / manageengine_opmanager	12.4-build124087	12.4-build124087.x
zohocorp / manageengine_opmanager	12.4-build124086	12.4-build124086.x
zohocorp / manageengine_opmanager	12.4-build124056	12.4-build124056.x
zohocorp / manageengine_opmanager	12.4-build124054	12.4-build124054.x
zohocorp / manageengine_opmanager	12.4-build124065	12.4-build124065.x
zohocorp / manageengine_opmanager	12.4-build124058	12.4-build124058.x
zohocorp / manageengine_opmanager	12.4-build124067	12.4-build124067.x
zohocorp / manageengine_opmanager	12.4-build124066	12.4-build124066.x
zohocorp / manageengine_opmanager	12.4-build124070	12.4-build124070.x
zohocorp / manageengine_opmanager	12.4-build124069	12.4-build124069.x
zohocorp / manageengine_opmanager	12.4-build124000	12.4-build124000.x
zohocorp / manageengine_opmanager	12.4-build124012	12.4-build124012.x
zohocorp / manageengine_opmanager	12.4-build124011	12.4-build124011.x
zohocorp / manageengine_opmanager	12.4-build124014	12.4-build124014.x
zohocorp / manageengine_opmanager	12.4-build124013	12.4-build124013.x

https://www.manageengine.com/network-monitoring/help/read-me-complete.html

Vulnerability Database

289,784

CVE-2019-17602