5 matches found
Zoho ManageEngine OpManager SQL Injection (CVE-2018-17823; CVE-2018-17283)
An SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of the name parameter when processing requests sent. Successful exploitation could lead to arbitrary SQL code execution in the security context of database service...
Zoho ManageEngine OpManager oputilsServlet Authentication Bypass (CVE-2018-17283)
An authentication bypass vulnerability exists in ManageEngine OpManager. The vulnerability is due to lack of access control of /oputilsServlet?action=getAPIKey method...
CVE-2018-17283
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...
CVE-2018-17283
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...
CVE-2018-17283
Zoho ManageEngine OpManager before 12.3 Build 123196 is affected by an authentication bypass in /oputilsServlet and can be leveraged for SQL injection via /api/json/device/setManaged name parameter or to add an admin user via /api/json/v2/admin/addUser. The vulnerability arises from lack of acces...