ManageEngine.Multiple.Products.SQL.Injection
Description
This indicates an attack attempt against an SQL Injection vulnerability in Multiple ManageEngine products.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling HTTP requests. A remote attacker can exploit this to gain unauthorized access to sensitive information via a HTTP request.
Affected Products
ManageEngine OpManager 11.3 and 11.4
ManageEngine IT360 10.3 and 10.4
ManageEngine Social IT Plus 11.0
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |