Lucene search

[email protected]CVE-2021-41080

HistoryNov 11, 2021 - 5:15 a.m.

CVE-2021-41080

2021-11-1105:15:09

CWE-89

[email protected]

web.nvd.nist.gov

cve-2021-41080

zoho manageengine

network configuration manager

sql injection

vulnerability

hardware details

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.055 Low

EPSS

Percentile

93.3%

JSON

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.

Affected configurations

NVD

Node

zohocorpmanageengine_network_configuration_managerRange12.4–12.5

zohocorpmanageengine_network_configuration_managerMatch12.3build123123

zohocorpmanageengine_network_configuration_managerMatch12.3build123129

zohocorpmanageengine_network_configuration_managerMatch12.3build123137

zohocorpmanageengine_network_configuration_managerMatch12.3build123151

zohocorpmanageengine_network_configuration_managerMatch12.3build123156

zohocorpmanageengine_network_configuration_managerMatch12.3build123159

zohocorpmanageengine_network_configuration_managerMatch12.3build123169

zohocorpmanageengine_network_configuration_managerMatch12.3build123177

zohocorpmanageengine_network_configuration_managerMatch12.3build123179

zohocorpmanageengine_network_configuration_managerMatch12.3build123191

zohocorpmanageengine_network_configuration_managerMatch12.3build123194

zohocorpmanageengine_network_configuration_managerMatch12.3build123206

zohocorpmanageengine_network_configuration_managerMatch12.3build123207

zohocorpmanageengine_network_configuration_managerMatch12.3build123214

zohocorpmanageengine_network_configuration_managerMatch12.3build123215

zohocorpmanageengine_network_configuration_managerMatch12.3build123217

zohocorpmanageengine_network_configuration_managerMatch12.3build123218

zohocorpmanageengine_network_configuration_managerMatch12.3build123222

zohocorpmanageengine_network_configuration_managerMatch12.3build123223

zohocorpmanageengine_network_configuration_managerMatch12.3build123231

zohocorpmanageengine_network_configuration_managerMatch12.3build123237

zohocorpmanageengine_network_configuration_managerMatch12.3build123239

zohocorpmanageengine_network_configuration_managerMatch12.3build123274

zohocorpmanageengine_network_configuration_managerMatch12.3build123277

zohocorpmanageengine_network_configuration_managerMatch12.3build123279

zohocorpmanageengine_network_configuration_managerMatch12.3build123288

zohocorpmanageengine_network_configuration_managerMatch12.3build123304

zohocorpmanageengine_network_configuration_managerMatch12.3build123306

zohocorpmanageengine_network_configuration_managerMatch12.3build123312

zohocorpmanageengine_network_configuration_managerMatch12.3build123323

zohocorpmanageengine_network_configuration_managerMatch12.3build123327

zohocorpmanageengine_network_configuration_managerMatch12.5-

zohocorpmanageengine_network_configuration_managerMatch12.5build125000

zohocorpmanageengine_network_configuration_managerMatch12.5build125108

zohocorpmanageengine_network_configuration_managerMatch12.5build125112

zohocorpmanageengine_network_configuration_managerMatch12.5build125115

zohocorpmanageengine_network_configuration_managerMatch12.5build125116

zohocorpmanageengine_network_configuration_managerMatch12.5build125120

zohocorpmanageengine_network_configuration_managerMatch12.5build125121

zohocorpmanageengine_network_configuration_managerMatch12.5build125125

zohocorpmanageengine_network_configuration_managerMatch12.5build125129

zohocorpmanageengine_network_configuration_managerMatch12.5build125136

zohocorpmanageengine_network_configuration_managerMatch12.5build125142

zohocorpmanageengine_network_configuration_managerMatch12.5build125149

zohocorpmanageengine_network_configuration_managerMatch12.5build125180

zohocorpmanageengine_network_configuration_managerMatch12.5build125195

zohocorpmanageengine_network_configuration_managerMatch12.5build125199

zohocorpmanageengine_network_configuration_managerMatch12.5build125212

zohocorpmanageengine_network_configuration_managerMatch12.5build125213

zohocorpmanageengine_network_configuration_managerMatch12.5build125216

zohocorpmanageengine_network_configuration_managerMatch12.5build125228

zohocorpmanageengine_network_configuration_managerMatch12.5build125232

zohocorpmanageengine_network_configuration_managerMatch12.5build125233

zohocorpmanageengine_network_configuration_managerMatch12.5build125234

zohocorpmanageengine_network_configuration_managerMatch12.5build125323

zohocorpmanageengine_network_configuration_managerMatch12.5build125325

zohocorpmanageengine_network_configuration_managerMatch12.5build125327

zohocorpmanageengine_network_configuration_managerMatch12.5build125329

zohocorpmanageengine_network_configuration_managerMatch12.5build125343

zohocorpmanageengine_network_configuration_managerMatch12.5build125345

zohocorpmanageengine_network_configuration_managerMatch12.5build125358

zohocorpmanageengine_network_configuration_managerMatch12.5build125362

zohocorpmanageengine_network_configuration_managerMatch12.5build125363

zohocorpmanageengine_network_configuration_managerMatch12.5build125378

zohocorpmanageengine_network_configuration_managerMatch12.5build125392

zohocorpmanageengine_network_configuration_managerMatch12.5build125399

zohocorpmanageengine_network_configuration_managerMatch12.5build125417

zohocorpmanageengine_network_configuration_managerMatch12.5build125445

CPENameOperatorVersion
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managerlt12.5
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managereq12.3

CPE	Name	Operator	Version
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	lt	12.5
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	eq	12.3

References

www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41080.html

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.055 Low

EPSS

Percentile

93.3%

JSON

Related for CVE-2021-41080

prion1 nvd1 cvelist1