Authenticated SQL Injection in ManageEngine OpManager Products
CVE-2024-6748

Currently unrated

Key Information:

Vendor: Zohocorp
Vendor: CVE Published:; 29 July 2024

What is CVE-2024-6748?

ManageEngine OpManager and its variants are susceptible to an authenticated SQL injection vulnerability present in URL monitoring functionalities. This flaw allows attackers with valid access to exploit injection points, leading to unauthorized access to sensitive data. Organizations utilizing OpManager, OpManager Plus, OpManager MSP, and RMM versions 128317 and below should prioritize implementing security measures to mitigate potential threats associated with this issue.

References

https://www.manageengine.com/itom/advisory/cve-2024-6748....

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2024

Zohocorp

What is CVE-2024-6748?

References

Timeline