CVE-2019-12196: SQL Injection
First published: Wed Jun 05 2019(Updated: )
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Netflow Analyzer | =12.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-12196?
The severity of CVE-2019-12196 is critical with a CVSS score of 9.8.
How does the SQL injection vulnerability in Zoho ManageEngine NetFlow Analyzer 12.3 work?
The SQL injection vulnerability in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands by manipulating the DeviceID parameter.
Which version of Zoho ManageEngine NetFlow Analyzer is affected by CVE-2019-12196?
Zoho ManageEngine NetFlow Analyzer version 12.3 is affected by CVE-2019-12196.
What can an attacker do with the SQL injection vulnerability in Zoho ManageEngine NetFlow Analyzer 12.3?
An attacker can execute arbitrary SQL commands, potentially gaining unauthorized access to the application's database.
How can I mitigate the SQL injection vulnerability in Zoho ManageEngine NetFlow Analyzer 12.3?
To mitigate the SQL injection vulnerability, it is recommended to update to a patched version of Zoho ManageEngine NetFlow Analyzer.
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine netflow analyzer
- version/zohocorp manageengine netflow analyzer/12.3