What is CVE-2024-6748?

CVE-2024-6748 is a high-severity vulnerability in Manageengine Opmanager, classified under SQL Injection. CVSS score: 8.3/10. Published 2024-07-29.

How severe is CVE-2024-6748?

High severity. CVSS v3 base score is 8.3 out of 10.

Is CVE-2024-6748 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Manageengine Opmanager

CVE-2024-6748

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring.

Vulnerability class: SQL Injection

EPSS: 0.036 (88.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L.

Affected products

Manageengine Opmanager — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

www.manageengine.com/itom/advisory/cve-2024-6748.html

Frequently asked questions

What is CVE-2024-6748?: CVE-2024-6748 is a high-severity vulnerability in Manageengine Opmanager, classified under SQL Injection. CVSS score: 8.3/10. Published 2024-07-29.
How severe is CVE-2024-6748?: High severity. CVSS v3 base score is 8.3 out of 10.
Is CVE-2024-6748 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.