ManageEngine.Multiple.Products.SQL.Injection

description-logoDescription

This indicates an attack attempt against an SQL Injection vulnerability in Multiple ManageEngine products.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling HTTP requests. A remote attacker can exploit this to gain unauthorized access to sensitive information via a HTTP request.

affected-products-logoAffected Products

ManageEngine OpManager 11.3 and 11.4
ManageEngine IT360 10.3 and 10.4
ManageEngine Social IT Plus 11.0

Impact logoImpact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)