CVE-2021-41081

Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41081.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:-::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125445::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125417::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125399::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125392::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125378::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125363::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125362::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125358::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125345::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125343::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125329::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125327::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125325::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125323::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125234::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125233::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125232::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125228::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125216::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125213::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125212::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125199::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125195::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125180::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125149::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125142::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125136::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125129::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125125::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125121::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125120::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125116::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125115::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125112::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125108::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125000::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager::::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123327::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123323::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123312::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123306::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123304::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123288::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123279::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123277::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123274::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123239::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123237::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123231::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123223::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123222::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123218::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123217::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123215::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123214::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123207::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123206::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123194::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123191::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123179::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123177::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123169::::::
	cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123159::::::
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123156::::::
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123151::::::
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123137::::::
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123129::::::
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123123::::::

Information

Published : 2021-11-10 21:15

Updated : 2023-02-22 10:00

NVD link : CVE-2021-41081

Mitre link : CVE-2021-41081

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

zohocorp

manageengine_network_configuration_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41081.html", "name": "https://www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41081.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-41081", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2021-11-11T05:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125445:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125417:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125399:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125392:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125378:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125363:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125362:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125358:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125345:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125343:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125329:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125327:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125325:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125323:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125234:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125233:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125232:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125228:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125216:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125213:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125212:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125199:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125195:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125180:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125149:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125142:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125136:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125129:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125125:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125121:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125120:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125116:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125115:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125112:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125108:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125000:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.5", "versionStartIncluding": "12.4"}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123327:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123323:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123312:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123306:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123304:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123288:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123279:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123277:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123274:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123239:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123237:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123231:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123223:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123222:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123218:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123217:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123215:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123214:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123206:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123194:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123191:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123179:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123177:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123169:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123159:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123156:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123151:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123137:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123129:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123123:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-22T18:00Z"}

9.8 /10