# Security Updates - CVE-2019-15106 | ManageEngine OpManager

## CVE-2019-15106

### User login bypass vulnerability in APM plugin

| Vulnerability Details |  |
|---|---|
| Impact | NA |
| Reported | 15 August 2019 |
| Fixed | 22 August 2019 |
| Affected Builds | - Builds till 124061<br>- 124065 to 124069 |
| Fixed in | Builds 124062 and 124070 |
| Overview | User login bypass vulnerability in APM plugin |
| Recommended Fix | For builds till 124061: **Upgrade to [OpManager Version 12.4.062](https://www.manageengine.com/network-monitoring/service-packs.html?124062) or above.**<br><br>For builds 124065 to 124069: **Contact our [support team](mailto:opmanager-support@manageengine.com) (opmanager-support@manageengine.com)** |

### Description

A user was able to bypass the username-password requirement and execute arbitrary commands on the server in APM plugin.

We recommend that you [upgrade to OpManager Version 12.4.062](https://www.manageengine.com/network-monitoring/service-packs.html?124062) or contact our support team at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com) to fix this issue.

### Source and Acknowledgements

Find out more about CVE-2019-15106 from the [CVE dictionary](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15106).

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com).