SQL Injection Vulnerability in Zoho ManageEngine OpManager's Support Diagnostics Module

CVE-2021-40493 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
