Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 up to and including 11.5 build 11400 and IT360 10.5 and previous versions allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine opmanager 11.4 |
||
zohocorp manageengine opmanager 11.5 |
||
zohocorp manageengine opmanager 9.2 |
||
zohocorp manageengine opmanager 9.1 |
||
zohocorp manageengine opmanager 11.1 |
||
zohocorp manageengine opmanager 11.0 |
||
zohocorp manageengine opmanager 10.2 |
||
zohocorp manageengine opmanager 9.4 |
||
zohocorp manageengine opmanager 11.3 |
||
zohocorp manageengine opmanager 11.2 |
||
zohocorp manageengine opmanager 9.0 |
||
zohocorp manageengine opmanager 8.8 |
||
zohocorp manageengine opmanager 10.1 |
||
zohocorp manageengine opmanager 10.0 |