Lucene search
HistoryOct 03, 2022 - 4:22 p.m.
CVE-2018-20173
cve-2018-20173
zoho
manageengine
opmanager
sql injection
api
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.1%
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.
Affected configurations
Node
zohocorpmanageengine_opmanagerMatch12.3build12300
ORzohocorpmanageengine_opmanagerMatch12.3build123001
ORzohocorpmanageengine_opmanagerMatch12.3build123002
ORzohocorpmanageengine_opmanagerMatch12.3build123003
ORzohocorpmanageengine_opmanagerMatch12.3build123004
ORzohocorpmanageengine_opmanagerMatch12.3build123005
ORzohocorpmanageengine_opmanagerMatch12.3build123006
ORzohocorpmanageengine_opmanagerMatch12.3build123007
ORzohocorpmanageengine_opmanagerMatch12.3build123008
ORzohocorpmanageengine_opmanagerMatch12.3build123009
ORzohocorpmanageengine_opmanagerMatch12.3build123010
ORzohocorpmanageengine_opmanagerMatch12.3build123011
ORzohocorpmanageengine_opmanagerMatch12.3build123012
ORzohocorpmanageengine_opmanagerMatch12.3build123013
ORzohocorpmanageengine_opmanagerMatch12.3build123014
ORzohocorpmanageengine_opmanagerMatch12.3build123015
ORzohocorpmanageengine_opmanagerMatch12.3build123021
ORzohocorpmanageengine_opmanagerMatch12.3build123022
ORzohocorpmanageengine_opmanagerMatch12.3build123023
ORzohocorpmanageengine_opmanagerMatch12.3build123024
ORzohocorpmanageengine_opmanagerMatch12.3build123025
ORzohocorpmanageengine_opmanagerMatch12.3build123026
ORzohocorpmanageengine_opmanagerMatch12.3build123027
ORzohocorpmanageengine_opmanagerMatch12.3build123028
ORzohocorpmanageengine_opmanagerMatch12.3build123029
ORzohocorpmanageengine_opmanagerMatch12.3build123030
ORzohocorpmanageengine_opmanagerMatch12.3build123031
ORzohocorpmanageengine_opmanagerMatch12.3build123032
ORzohocorpmanageengine_opmanagerMatch12.3build123033
ORzohocorpmanageengine_opmanagerMatch12.3build123034
ORzohocorpmanageengine_opmanagerMatch12.3build123035
ORzohocorpmanageengine_opmanagerMatch12.3build123036
ORzohocorpmanageengine_opmanagerMatch12.3build123037
ORzohocorpmanageengine_opmanagerMatch12.3build123043
ORzohocorpmanageengine_opmanagerMatch12.3build123044
ORzohocorpmanageengine_opmanagerMatch12.3build123045
ORzohocorpmanageengine_opmanagerMatch12.3build123046
ORzohocorpmanageengine_opmanagerMatch12.3build123047
ORzohocorpmanageengine_opmanagerMatch12.3build123048
ORzohocorpmanageengine_opmanagerMatch12.3build123049
ORzohocorpmanageengine_opmanagerMatch12.3build123050
ORzohocorpmanageengine_opmanagerMatch12.3build123051
ORzohocorpmanageengine_opmanagerMatch12.3build123052
ORzohocorpmanageengine_opmanagerMatch12.3build123053
ORzohocorpmanageengine_opmanagerMatch12.3build123054
ORzohocorpmanageengine_opmanagerMatch12.3build123055
ORzohocorpmanageengine_opmanagerMatch12.3build123056
ORzohocorpmanageengine_opmanagerMatch12.3build123057
ORzohocorpmanageengine_opmanagerMatch12.3build123062
ORzohocorpmanageengine_opmanagerMatch12.3build123063
ORzohocorpmanageengine_opmanagerMatch12.3build123064
ORzohocorpmanageengine_opmanagerMatch12.3build123065
ORzohocorpmanageengine_opmanagerMatch12.3build123066
ORzohocorpmanageengine_opmanagerMatch12.3build123067
ORzohocorpmanageengine_opmanagerMatch12.3build123068
ORzohocorpmanageengine_opmanagerMatch12.3build123069
ORzohocorpmanageengine_opmanagerMatch12.3build123070
ORzohocorpmanageengine_opmanagerMatch12.3build123076
ORzohocorpmanageengine_opmanagerMatch12.3build123077
ORzohocorpmanageengine_opmanagerMatch12.3build123078
ORzohocorpmanageengine_opmanagerMatch12.3build123079
ORzohocorpmanageengine_opmanagerMatch12.3build123080
ORzohocorpmanageengine_opmanagerMatch12.3build123081
ORzohocorpmanageengine_opmanagerMatch12.3build123082
ORzohocorpmanageengine_opmanagerMatch12.3build123083
ORzohocorpmanageengine_opmanagerMatch12.3build123084
ORzohocorpmanageengine_opmanagerMatch12.3build123086
ORzohocorpmanageengine_opmanagerMatch12.3build123090
ORzohocorpmanageengine_opmanagerMatch12.3build123091
ORzohocorpmanageengine_opmanagerMatch12.3build123092
ORzohocorpmanageengine_opmanagerMatch12.3build123192
ORzohocorpmanageengine_opmanagerMatch12.3build123193
ORzohocorpmanageengine_opmanagerMatch12.3build123194
ORzohocorpmanageengine_opmanagerMatch12.3build123195
ORzohocorpmanageengine_opmanagerMatch12.3build123196
ORzohocorpmanageengine_opmanagerMatch12.3build123197
ORzohocorpmanageengine_opmanagerMatch12.3build123198
ORzohocorpmanageengine_opmanagerMatch12.3build123204
ORzohocorpmanageengine_opmanagerMatch12.3build123205
ORzohocorpmanageengine_opmanagerMatch12.3build123206
ORzohocorpmanageengine_opmanagerMatch12.3build123207
ORzohocorpmanageengine_opmanagerMatch12.3build123208
ORzohocorpmanageengine_opmanagerMatch12.3build123222
ORzohocorpmanageengine_opmanagerMatch12.3build123223
ORzohocorpmanageengine_opmanagerMatch12.3build123224
ORzohocorpmanageengine_opmanagerMatch12.3build123229
ORzohocorpmanageengine_opmanagerMatch12.3build123230
ORzohocorpmanageengine_opmanagerMatch12.3build123231
ORzohocorpmanageengine_opmanagerMatch12.3build123237
| CPE | Name | Operator | Version |
|---|---|---|---|
| zohocorp:manageengine_opmanager | zohocorp manageengine opmanager | eq | 12.3 |
Related
cvelist
cvelist
CVE-2018-20173
2022-10-03 16:22:06
checkpoint_advisories
checkpoint_advisories
Zoho ManageEngine OpManager SQL Injection (CVE-2018-20173)
2019-02-21 00:00:00
packetstorm
packetstorm
Zoho ManageEngine OpManager 12.3 SQL Injection
2018-12-17 00:00:00
zdt
zdt
Zoho ManageEngine OpManager 12.3 SQL Injection Vulnerability
2018-12-17 00:00:00
nvd
nvd
CVE-2018-20173
2018-12-17 08:29:01
dsquare
dsquare
ManageEngine OpManager 12.3 SQL Injection
2019-01-08 00:00:00
prion
prion
Sql injection
2018-12-17 08:29:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.1%
Related for CVE-2018-20173