Security Advisory

This Security Advisory addresses an "SQL injection" vulnerability (CVE - 2022-27908, CVE-2022-29535) in ManageEngine RMM Central, reported by Anh Vu in our Bug Bounty program. Please read this document fully to understand the potential threat, its implications, and the steps you can take to fortify your network. This advisory applies to RMM Central users.

Issue: It was possible to perform SQL injection in reports for the bview parameter (Business View filter parameter).

What is the claim?

It was reported that vulnerable SQL queries was executed in reports when passed for bview parameter (Business View filter). Any SQL operations could be performed when the query was constructed and passed for this parameter.

What is the severity level of this threat?

The SQL query execution was not handled with prepared statement and hence vulnerable queries were executed. The severity of this threat is deemed high.

Who does it target?

It is applicable to RMM Central users who access the Custom reports under the monitoring section of the product.

What were the steps taken by the RMM Central team to mitigate this issue?

After detecting that there was a potential for exploit, we released the fix immediately and this fix is now available to all RMM Central users. The documents associated to mitigate this threat have also been prepared and pushed online.

How will the threat be mitigated?

The existing query execution in the data-sources of the reports were all changed to prepared statement. We have also analyzed the entire code to check if any other SQL injection was possible (using other parameters).

How can you secure your RMM Central server?

The issue can be fixed by upgrading your ManageEngine RMM Central to build 10.1.23 with monitoring instance to the versions 12.5.629 and above.

Upgrade to the last build from the URL given below.


  • It is highly recommended to upgrade to the latest build to be a recipient of strengthened security measures and enhancements for seamless functioning of the product.
  • If you need assistance, our support team is always ready to help. Please reach out to us at