Detections
Analytics
ManageEngine OpManager SQLi (CVE-2024-6748)
high Nessus Plugin ID 204970
Synopsis
The remote web server hosts an application that is affected by a SQL injection vulnerability.Description
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade ManageEngine OpManager according to the vendor advisory.See Also
https://www.manageengine.com/itom/advisory/cve-2024-6748.html
Plugin Details
Severity: High
ID: 204970
File Name: manageengine_opmanager_CVE-2024-6748.nasl
Version: 1.1
Type: remote
Family: CGI abuses
Published: 8/2/2024
Updated: 8/2/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: High
Base Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:P
CVSS Score Source: CVE-2024-6748
CVSS v3
Risk Factor: High
Base Score: 8.3
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Vulnerability Information
CPE: cpe:/a:zohocorp:manageengine_opmanager
Required KB Items: installed_sw/ManageEngine OpManager
Patch Publication Date: 7/19/2024
Vulnerability Publication Date: 7/29/2024
Reference Information
CVE: CVE-2024-6748
IAVA: 2024-A-0460