critical
9.8
CWE
89
Advisory Published
CVE Published
Updated

CVE-2018-20173: SQL Injection

First published: Mon Dec 17 2018(Updated: )

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
ManageEngine OpManager MSP=12.3-build12300
ManageEngine OpManager MSP=12.3-build123001
ManageEngine OpManager MSP=12.3-build123002
ManageEngine OpManager MSP=12.3-build123003
ManageEngine OpManager MSP=12.3-build123004
ManageEngine OpManager MSP=12.3-build123005
ManageEngine OpManager MSP=12.3-build123006
ManageEngine OpManager MSP=12.3-build123007
ManageEngine OpManager MSP=12.3-build123008
ManageEngine OpManager MSP=12.3-build123009
ManageEngine OpManager MSP=12.3-build123010
ManageEngine OpManager MSP=12.3-build123011
ManageEngine OpManager MSP=12.3-build123012
ManageEngine OpManager MSP=12.3-build123013
ManageEngine OpManager MSP=12.3-build123014
ManageEngine OpManager MSP=12.3-build123015
ManageEngine OpManager MSP=12.3-build123021
ManageEngine OpManager MSP=12.3-build123022
ManageEngine OpManager MSP=12.3-build123023
ManageEngine OpManager MSP=12.3-build123024
ManageEngine OpManager MSP=12.3-build123025
ManageEngine OpManager MSP=12.3-build123026
ManageEngine OpManager MSP=12.3-build123027
ManageEngine OpManager MSP=12.3-build123028
ManageEngine OpManager MSP=12.3-build123029
ManageEngine OpManager MSP=12.3-build123030
ManageEngine OpManager MSP=12.3-build123031
ManageEngine OpManager MSP=12.3-build123032
ManageEngine OpManager MSP=12.3-build123033
ManageEngine OpManager MSP=12.3-build123034
ManageEngine OpManager MSP=12.3-build123035
ManageEngine OpManager MSP=12.3-build123036
ManageEngine OpManager MSP=12.3-build123037
ManageEngine OpManager MSP=12.3-build123043
ManageEngine OpManager MSP=12.3-build123044
ManageEngine OpManager MSP=12.3-build123045
ManageEngine OpManager MSP=12.3-build123046
ManageEngine OpManager MSP=12.3-build123047
ManageEngine OpManager MSP=12.3-build123048
ManageEngine OpManager MSP=12.3-build123049
ManageEngine OpManager MSP=12.3-build123050
ManageEngine OpManager MSP=12.3-build123051
ManageEngine OpManager MSP=12.3-build123052
ManageEngine OpManager MSP=12.3-build123053
ManageEngine OpManager MSP=12.3-build123054
ManageEngine OpManager MSP=12.3-build123055
ManageEngine OpManager MSP=12.3-build123056
ManageEngine OpManager MSP=12.3-build123057
ManageEngine OpManager MSP=12.3-build123062
ManageEngine OpManager MSP=12.3-build123063
ManageEngine OpManager MSP=12.3-build123064
ManageEngine OpManager MSP=12.3-build123065
ManageEngine OpManager MSP=12.3-build123066
ManageEngine OpManager MSP=12.3-build123067
ManageEngine OpManager MSP=12.3-build123068
ManageEngine OpManager MSP=12.3-build123069
ManageEngine OpManager MSP=12.3-build123070
ManageEngine OpManager MSP=12.3-build123076
ManageEngine OpManager MSP=12.3-build123077
ManageEngine OpManager MSP=12.3-build123078
ManageEngine OpManager MSP=12.3-build123079
ManageEngine OpManager MSP=12.3-build123080
ManageEngine OpManager MSP=12.3-build123081
ManageEngine OpManager MSP=12.3-build123082
ManageEngine OpManager MSP=12.3-build123083
ManageEngine OpManager MSP=12.3-build123084
ManageEngine OpManager MSP=12.3-build123086
ManageEngine OpManager MSP=12.3-build123090
ManageEngine OpManager MSP=12.3-build123091
ManageEngine OpManager MSP=12.3-build123092
ManageEngine OpManager MSP=12.3-build123192
ManageEngine OpManager MSP=12.3-build123193
ManageEngine OpManager MSP=12.3-build123194
ManageEngine OpManager MSP=12.3-build123195
ManageEngine OpManager MSP=12.3-build123196
ManageEngine OpManager MSP=12.3-build123197
ManageEngine OpManager MSP=12.3-build123198
ManageEngine OpManager MSP=12.3-build123204
ManageEngine OpManager MSP=12.3-build123205
ManageEngine OpManager MSP=12.3-build123206
ManageEngine OpManager MSP=12.3-build123207
ManageEngine OpManager MSP=12.3-build123208
ManageEngine OpManager MSP=12.3-build123222
ManageEngine OpManager MSP=12.3-build123223
ManageEngine OpManager MSP=12.3-build123224
ManageEngine OpManager MSP=12.3-build123229
ManageEngine OpManager MSP=12.3-build123230
ManageEngine OpManager MSP=12.3-build123231
ManageEngine OpManager MSP=12.3-build123237

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2018-20173?

    CVE-2018-20173 is classified as a high severity vulnerability due to its ability to allow SQL injection.

  • How do I fix CVE-2018-20173?

    To mitigate CVE-2018-20173, users should update to a fixed version of ManageEngine OpManager as specified by the vendor.

  • What versions of ManageEngine OpManager are affected by CVE-2018-20173?

    CVE-2018-20173 affects ManageEngine OpManager version 12.3 before build 123238.

  • What type of vulnerability is CVE-2018-20173?

    CVE-2018-20173 is a SQL injection vulnerability which can allow attackers to execute arbitrary SQL queries.

  • Can CVE-2018-20173 impact my data security?

    Yes, CVE-2018-20173 can lead to unauthorized access to sensitive data and potential data breaches.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203