SQL Injection Vulnerability in Zoho ManageEngine OpManager's Support Diagnostics Module
CVE-2021-40493 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.