ManageEngine Analytics Plus SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in ManageEngine Analytics Plus on-premise versions through 6171. This vulnerability allows authenticated users to execute arbitrary SQL queries via the key update API, due to insufficient input validation. Exploitation of this vulnerability could lead to unauthorized access, data manipulation, or disruption of the database.

Impact

Exploitation of this vulnerability could allow authenticated users to execute arbitrary SQL queries, potentially leading to unauthorized access, manipulation of data, or disruption of the database.

Remediation

Users can upgrade to the latest version by downloading the upgrade pack from the ManageEngine Analytics Plus service pack page and following the provided upgrade instructions. For support, contact the ManageEngine Analytics Plus support team via email.

Added: Oct 21, 2025, 12:16 PM
Updated: Oct 21, 2025, 8:07 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.