CVE-2021-41075
Description
The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in ManageEngine OpManager NetFlow Analyzer's Attacks Module API allows authenticated attackers to execute arbitrary SQL commands.
Vulnerability
The Attacks Module API of the NetFlow Analyzer in Zoho ManageEngine OpManager before build 125455 contains a SQL injection vulnerability. The flaw is in the API endpoint that handles attack data, which allows SQL commands to be injected via crafted input. Affected versions: OpManager prior to build 125455 [1].
Exploitation
An attacker with network access to the OpManager web interface and valid credentials (required for accessing the Attacks Module) can send specially crafted HTTP requests to the vulnerable API endpoint. No user interaction is required beyond authentication [1].
Impact
Successful exploitation allows the attacker to execute arbitrary SQL commands on the backend database, leading to unauthorized data retrieval, modification, or deletion. This could compromise sensitive network monitoring data and potentially escalate to further attacks [1].
Mitigation
Fixed in OpManager build 125455. Users should upgrade to build 125455 or later. No workarounds are documented in the available references [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Zoho ManageEngine/NetFlow Analyzer in Zoho ManageEngine OpManager (source: description)
- Range: <125455
Patches
No patches discovered yet.
References
[1] www.manageengine.com/network-monitoring/help/read-me-complete.html (mitre, x_refsource_MISC)