HTTP: Zoho ManageEngine OpManager getReport SQL Injection

This signature detects attempts to exploit a known vulnerability against Zoho ManageEngine OpManager. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.

Affected Products

Zohocorp manageengine_opmanager

References

CVE: CVE-2021-41288

Short Name
HTTP:SQL:INJ:ZOHO-ME-OPMANGR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-41288 Injection ManageEngine OpManager SQL Zoho getReport
Release Date
10/12/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3426
False Positive
Unknown
Vendors

Zohocorp

CVSS Score

7.5

Found a potential security threat?