HTTP: Zoho ManageEngine OpManager Alarms Section SQL Injection
This signature detects attempts to exploit a known vulnerability against ManageEngine OpManager. Successful exploitation could lead to arbitrary SQL code execution in the security context of database service.
Extended Description
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
Affected Products
Zohocorp manageengine_opmanager
References
BugTraq: 106302
CVE: CVE-2018-20338
URL: https://www.manageengine.com/network-monitoring/help/read-me.html
Short Name
HTTP:CVE-2018-20338-SQ-INJ
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Alarms CVE-2018-20338 Injection ManageEngine OpManager SQL Section Zoho bid:106302
Release Date
02/26/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Zohocorp
CVSS Score
7.5