Lucene search

[email protected]CVE-2021-41081

HistoryNov 11, 2021 - 5:15 a.m.

CVE-2021-41081

2021-11-1105:15:09

CWE-89

[email protected]

web.nvd.nist.gov

zoho

manageengine

network configuration manager

sql injection

cve-2021-41081

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.055 Low

EPSS

Percentile

93.3%

JSON

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.

Affected configurations

NVD

Node

zohocorpmanageengine_network_configuration_managerRange12.4–12.5

zohocorpmanageengine_network_configuration_managerMatch12.3build123123

zohocorpmanageengine_network_configuration_managerMatch12.3build123129

zohocorpmanageengine_network_configuration_managerMatch12.3build123137

zohocorpmanageengine_network_configuration_managerMatch12.3build123151

zohocorpmanageengine_network_configuration_managerMatch12.3build123156

zohocorpmanageengine_network_configuration_managerMatch12.3build123159

zohocorpmanageengine_network_configuration_managerMatch12.3build123169

zohocorpmanageengine_network_configuration_managerMatch12.3build123177

zohocorpmanageengine_network_configuration_managerMatch12.3build123179

zohocorpmanageengine_network_configuration_managerMatch12.3build123191

zohocorpmanageengine_network_configuration_managerMatch12.3build123194

zohocorpmanageengine_network_configuration_managerMatch12.3build123206

zohocorpmanageengine_network_configuration_managerMatch12.3build123207

zohocorpmanageengine_network_configuration_managerMatch12.3build123214

zohocorpmanageengine_network_configuration_managerMatch12.3build123215

zohocorpmanageengine_network_configuration_managerMatch12.3build123217

zohocorpmanageengine_network_configuration_managerMatch12.3build123218

zohocorpmanageengine_network_configuration_managerMatch12.3build123222

zohocorpmanageengine_network_configuration_managerMatch12.3build123223

zohocorpmanageengine_network_configuration_managerMatch12.3build123231

zohocorpmanageengine_network_configuration_managerMatch12.3build123237

zohocorpmanageengine_network_configuration_managerMatch12.3build123239

zohocorpmanageengine_network_configuration_managerMatch12.3build123274

zohocorpmanageengine_network_configuration_managerMatch12.3build123277

zohocorpmanageengine_network_configuration_managerMatch12.3build123279

zohocorpmanageengine_network_configuration_managerMatch12.3build123288

zohocorpmanageengine_network_configuration_managerMatch12.3build123304

zohocorpmanageengine_network_configuration_managerMatch12.3build123306

zohocorpmanageengine_network_configuration_managerMatch12.3build123312

zohocorpmanageengine_network_configuration_managerMatch12.3build123323

zohocorpmanageengine_network_configuration_managerMatch12.3build123327

zohocorpmanageengine_network_configuration_managerMatch12.5-

zohocorpmanageengine_network_configuration_managerMatch12.5build125000

zohocorpmanageengine_network_configuration_managerMatch12.5build125108

zohocorpmanageengine_network_configuration_managerMatch12.5build125112

zohocorpmanageengine_network_configuration_managerMatch12.5build125115

zohocorpmanageengine_network_configuration_managerMatch12.5build125116

zohocorpmanageengine_network_configuration_managerMatch12.5build125120

zohocorpmanageengine_network_configuration_managerMatch12.5build125121

zohocorpmanageengine_network_configuration_managerMatch12.5build125125

zohocorpmanageengine_network_configuration_managerMatch12.5build125129

zohocorpmanageengine_network_configuration_managerMatch12.5build125136

zohocorpmanageengine_network_configuration_managerMatch12.5build125142

zohocorpmanageengine_network_configuration_managerMatch12.5build125149

zohocorpmanageengine_network_configuration_managerMatch12.5build125180

zohocorpmanageengine_network_configuration_managerMatch12.5build125195

zohocorpmanageengine_network_configuration_managerMatch12.5build125199

zohocorpmanageengine_network_configuration_managerMatch12.5build125212

zohocorpmanageengine_network_configuration_managerMatch12.5build125213

zohocorpmanageengine_network_configuration_managerMatch12.5build125216

zohocorpmanageengine_network_configuration_managerMatch12.5build125228

zohocorpmanageengine_network_configuration_managerMatch12.5build125232

zohocorpmanageengine_network_configuration_managerMatch12.5build125233

zohocorpmanageengine_network_configuration_managerMatch12.5build125234

zohocorpmanageengine_network_configuration_managerMatch12.5build125323

zohocorpmanageengine_network_configuration_managerMatch12.5build125325

zohocorpmanageengine_network_configuration_managerMatch12.5build125327

zohocorpmanageengine_network_configuration_managerMatch12.5build125329

zohocorpmanageengine_network_configuration_managerMatch12.5build125343

zohocorpmanageengine_network_configuration_managerMatch12.5build125345

zohocorpmanageengine_network_configuration_managerMatch12.5build125358

zohocorpmanageengine_network_configuration_managerMatch12.5build125362

zohocorpmanageengine_network_configuration_managerMatch12.5build125363

zohocorpmanageengine_network_configuration_managerMatch12.5build125378

zohocorpmanageengine_network_configuration_managerMatch12.5build125392

zohocorpmanageengine_network_configuration_managerMatch12.5build125399

zohocorpmanageengine_network_configuration_managerMatch12.5build125417

zohocorpmanageengine_network_configuration_managerMatch12.5build125445

CPENameOperatorVersion
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managerlt12.5
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managereq12.3

CPE	Name	Operator	Version
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	lt	12.5
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	eq	12.3

References

www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41081.html

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.055 Low

EPSS

Percentile

93.3%

JSON

Related for CVE-2021-41081

prion1 checkpoint_advisories1 nessus1 cvelist1 nvd1 githubexploit1