Headline
CVE-2021-41080: Network Configuration Management by ManageEngine Network Configuration Manager
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search.
CVE-2021-41080****The SQL injection vulnerability issue in hardware details search has now been fixed.
Vulnerability Details
Severity
High
Reported
07 Sep 2021
Reported by
Hồng Dương Trần
Fixed
08-Sep-2021
Affected Builds
Builds 123123 - 125464
Fixed in
Builds 125465/125436/125455
Overview
SQL injection vulnerability issue in hardware details search
Recommended Fix
125435 and below, please upgrade to the latest version here.
125454 and below, please upgrade to the latest version here.
Upgrade to NCM Version 12.5.464 by contacting our support team ([email protected])
Description
The SQL injection vulnerability issue in configuration search has now been fixed.
We recommend that you upgrade to NCM Version 12.5.465 by contacting our support team at [email protected]
Source and Acknowledgements
Find out more about CVE-2021-41080 from the CVE dictionary.
Need Help?
For clarification or corrections please contact our support team or email us at [email protected].
Related news
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search.
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.