CVE-2019-17602: SQL Injection
First published: Tue Oct 15 2019(Updated: )
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp ManageEngine OpManager | <12.4 | |
| Zohocorp ManageEngine OpManager | =12.4 | |
| Zohocorp ManageEngine OpManager | =12.4-build124000 | |
| Zohocorp ManageEngine OpManager | =12.4-build124011 | |
| Zohocorp ManageEngine OpManager | =12.4-build124012 | |
| Zohocorp ManageEngine OpManager | =12.4-build124013 | |
| Zohocorp ManageEngine OpManager | =12.4-build124014 | |
| Zohocorp ManageEngine OpManager | =12.4-build124015 | |
| Zohocorp ManageEngine OpManager | =12.4-build124016 | |
| Zohocorp ManageEngine OpManager | =12.4-build124022 | |
| Zohocorp ManageEngine OpManager | =12.4-build124023 | |
| Zohocorp ManageEngine OpManager | =12.4-build124024 | |
| Zohocorp ManageEngine OpManager | =12.4-build124025 | |
| Zohocorp ManageEngine OpManager | =12.4-build124026 | |
| Zohocorp ManageEngine OpManager | =12.4-build124027 | |
| Zohocorp ManageEngine OpManager | =12.4-build124030 | |
| Zohocorp ManageEngine OpManager | =12.4-build124033 | |
| Zohocorp ManageEngine OpManager | =12.4-build124037 | |
| Zohocorp ManageEngine OpManager | =12.4-build124039 | |
| Zohocorp ManageEngine OpManager | =12.4-build124040 | |
| Zohocorp ManageEngine OpManager | =12.4-build124041 | |
| Zohocorp ManageEngine OpManager | =12.4-build124042 | |
| Zohocorp ManageEngine OpManager | =12.4-build124043 | |
| Zohocorp ManageEngine OpManager | =12.4-build124051 | |
| Zohocorp ManageEngine OpManager | =12.4-build124053 | |
| Zohocorp ManageEngine OpManager | =12.4-build124054 | |
| Zohocorp ManageEngine OpManager | =12.4-build124056 | |
| Zohocorp ManageEngine OpManager | =12.4-build124058 | |
| Zohocorp ManageEngine OpManager | =12.4-build124065 | |
| Zohocorp ManageEngine OpManager | =12.4-build124066 | |
| Zohocorp ManageEngine OpManager | =12.4-build124067 | |
| Zohocorp ManageEngine OpManager | =12.4-build124069 | |
| Zohocorp ManageEngine OpManager | =12.4-build124070 | |
| Zohocorp ManageEngine OpManager | =12.4-build124071 | |
| Zohocorp ManageEngine OpManager | =12.4-build124074 | |
| Zohocorp ManageEngine OpManager | =12.4-build124075 | |
| Zohocorp ManageEngine OpManager | =12.4-build124081 | |
| Zohocorp ManageEngine OpManager | =12.4-build124082 | |
| Zohocorp ManageEngine OpManager | =12.4-build124085 | |
| Zohocorp ManageEngine OpManager | =12.4-build124086 | |
| Zohocorp ManageEngine OpManager | =12.4-build124087 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-17602?
The severity of CVE-2019-17602 is critical with a severity value of 9.8.
How does CVE-2019-17602 affect Zoho ManageEngine OpManager?
CVE-2019-17602 affects Zoho ManageEngine OpManager versions before 12.4 build 124089 and can be exploited through SQL injection.
Is authentication required to exploit CVE-2019-17602?
Depending on the configuration, CVE-2019-17602 can be exploited both unauthenticated and authenticated.
How do I fix CVE-2019-17602?
To fix CVE-2019-17602, upgrade Zoho ManageEngine OpManager to version 12.4 build 124089 or later.
Where can I find more information about CVE-2019-17602?
More information about CVE-2019-17602 can be found at the following link: [https://www.manageengine.com/network-monitoring/help/read-me-complete.html](https://www.manageengine.com/network-monitoring/help/read-me-complete.html)
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/zohocorp manageengine opmanager
- version/zohocorp manageengine opmanager/12.4
- version/zohocorp manageengine opmanager/12.4-build124000
- version/zohocorp manageengine opmanager/12.4-build124011
- version/zohocorp manageengine opmanager/12.4-build124012
- version/zohocorp manageengine opmanager/12.4-build124013
- version/zohocorp manageengine opmanager/12.4-build124014
- version/zohocorp manageengine opmanager/12.4-build124015
- version/zohocorp manageengine opmanager/12.4-build124016
- version/zohocorp manageengine opmanager/12.4-build124022
- version/zohocorp manageengine opmanager/12.4-build124023
- version/zohocorp manageengine opmanager/12.4-build124024
- version/zohocorp manageengine opmanager/12.4-build124025
- version/zohocorp manageengine opmanager/12.4-build124026
- version/zohocorp manageengine opmanager/12.4-build124027
- version/zohocorp manageengine opmanager/12.4-build124030
- version/zohocorp manageengine opmanager/12.4-build124033
- version/zohocorp manageengine opmanager/12.4-build124037
- version/zohocorp manageengine opmanager/12.4-build124039
- version/zohocorp manageengine opmanager/12.4-build124040
- version/zohocorp manageengine opmanager/12.4-build124041
- version/zohocorp manageengine opmanager/12.4-build124042
- version/zohocorp manageengine opmanager/12.4-build124043
- version/zohocorp manageengine opmanager/12.4-build124051
- version/zohocorp manageengine opmanager/12.4-build124053
- version/zohocorp manageengine opmanager/12.4-build124054
- version/zohocorp manageengine opmanager/12.4-build124056
- version/zohocorp manageengine opmanager/12.4-build124058
- version/zohocorp manageengine opmanager/12.4-build124065
- version/zohocorp manageengine opmanager/12.4-build124066
- version/zohocorp manageengine opmanager/12.4-build124067
- version/zohocorp manageengine opmanager/12.4-build124069
- version/zohocorp manageengine opmanager/12.4-build124070
- version/zohocorp manageengine opmanager/12.4-build124071
- version/zohocorp manageengine opmanager/12.4-build124074
- version/zohocorp manageengine opmanager/12.4-build124075
- version/zohocorp manageengine opmanager/12.4-build124081
- version/zohocorp manageengine opmanager/12.4-build124082
- version/zohocorp manageengine opmanager/12.4-build124085
- version/zohocorp manageengine opmanager/12.4-build124086
- version/zohocorp manageengine opmanager/12.4-build124087