This page lists all security vulnerabilities fixed in OpManager Plus, each with its CVE ID and the build number in which it was fixed. Go to ManageEngine's Security Response Center to report vulnerabilities in ManageEngine products.
CVE / ZVE ID | Synopsis | Severity | Fixed in version | Link to latest build |
---|---|---|---|---|
CVE-2024-5466 | OpManager: A Remote Code Execution (RCE) vulnerability could be exploited by users with 'Write' access to the 'Deploy Agent' action in the UI. This has been fixed now. [Reported by Daniel Santos] | High | 128330 / 128320 / 128188 / 128268 | Download |
CVE-2024-6748 | OpManager: The SQL injection vulnerability identified in the URL Monitoring has now been fixed. [Reported by: CrisprXiang, Cokebeer, and LFY]. | High | 128318 / 128186 / 128267 | |
CVE-2023-47211 | Earlier, a path traversal vulnerability was detected in the MIB browser. This issue has now been fixed by implementing path sanitization. | High | 127260 | |
ZVE-2023-0284 | OpManager: The stored XSS vulnerabilities that lead to JS injection, identified in the URL Monitors, have been fixed now. (Reported by Ranjit Pahan) | Medium | 126279 / 126155 / 126263 | |
CVE-2022-43473 | OpManager: Previously, there was an XML External Entity (XXE) vulnerability in the UCS module. It has been fixed now. (Reported by Cisco Talos-Marcin Noga) | Medium | 126141 / 126154 / 126169 | |
CVE-2022-37024 | Earlier, there was a Remote Code Execution (RCE) vulnerability in IPv6 address management, reported by an anonymous researcher working with Trend Micro Zero Day Initiative. This has been fixed now. | High | 126120 / 126105 / 126003 / 125658 | |
CVE-2022-38772 | Earlier, there was a Remote Code Execution (RCE) vulnerability in IPv4 address management, reported by an anonymous researcher working with Trend Micro Zero Day Initiative. This has been fixed now. | High | 126120 / 126105 / 126003 / 125658 | |
CVE-2022-36923 | A vulnerability resulted in unauthenticated access of the user API key. This issue has been fixed now. (Reported by Anonymous working with Trend Micro Zero Day Initiative) | Critical | 126118 / 126104 / 126002 / 125657 | |
CVE-2022-35404 | Unauthorized creation of files led to high resource consumption. This has been fixed now. (Reported by Tenable) | Medium | 125639 / 125655 / 126101 | |
CVE-2022-29535 | The SQL injection vulnerabilities identified in a few default reports have been fixed now. (Reported by Anh Vu) | High | 125604 | |
CVE-2022-27908 | SQL injection vulnerability noticed in the Inventory Reports module | High | 125588 / 125603 | |
CVE-2021-40493 | SQL injection vulnerability noticed in the support diagnostics module | High | 125437 / 125453 | |
CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class. | Critical | 125220 / 125314 | |
CVE-2020-12116 | Path Traversal vulnerability | High | 124196 / 125125 | |
CVE-2019-15106 | User login bypass vulnerability in APM plugin | High | 124062 / 124070 | |
Internal | An operator user could access some restricted folders by bypassing the session. | High | 123241 | |
CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability | High | 123231 | |