CVE-2021-40493

SQL injection vulnerability in support diagnostics module.

Vulnerability Details
Severity: High
Reported: Aug 30, 2021
Reported by: Hồng Dương Trần
Fixed: 3rd September, 2021
Affected Builds: From version 125140
Fixed in: Build 125437 and 125453
Overview: SQL injection vulnerability in support diagnostics module.
Recommended Fix: For build versions 125436 and below, please upgrade to OpManager Plus version 12.5.437.

 

Description

A SQL injection vulnerability was identified in OpManager Plus, affecting builds from version 125140. The injection is possible through the pollingObject parameter of the getDataCollectionFailureReason API.

We strongly recommend that you upgrade OpManager Plus to version 125437 or higher to resolve this vulnerability.
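To review whether the affected API was probed before the upgrade, the following added example (not ManageEngine code) scans web access logs for requests to getDataCollectionFailureReason whose pollingObject value contains SQL syntax. The combined log format, the placeholder URL path, the sample lines and the pattern list are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

API_NAME = "getDataCollectionFailureReason"  # API named in the advisory
PARAM = "pollingObject"                      # parameter named in the advisory

# Assumption: access log lines contain a quoted request line (common/combined format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

# Heuristic (assumption): legitimate values carry no quotes, statement
# separators, comment markers or SQL keywords. Expect some false positives.
SUSPICIOUS = re.compile(
    r"['\";]|--|/\*|\b(?:union|select|insert|update|delete|drop)\b",
    re.IGNORECASE,
)

def suspicious_requests(log_lines):
    """Return (client, decoded_value) for API requests whose parameter looks like SQL."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("uri"))
        if API_NAME.lower() not in url.path.lower():
            continue  # a different endpoint
        # parse_qs decodes once; unquote again to catch double encoding.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            decoded = unquote(value)
            if SUSPICIOUS.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits

# Constructed sample lines; "/placeholder/" stands in for the real URL path.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2021:10:00:01 +0000] "GET /placeholder/getDataCollectionFailureReason?pollingObject=Interface-42 HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Sep/2021:10:02:13 +0000] "GET /placeholder/getDataCollectionFailureReason?pollingObject=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Sep/2021:10:02:20 +0000] "GET /placeholder/getDataCollectionFailureReason?pollingObject=1%20UNION%20SELECT%20NULL HTTP/1.1" 500 98',
    '192.0.2.10 - - [01/Sep/2021:10:03:00 +0000] "GET /placeholder/otherApi?pollingObject=%27 HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\t{PARAM}={value!r}")
```

Access logs normally record only the query string, so if the parameter was sent in a request body this check sees nothing and an empty result is inconclusive.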

Source and Acknowledgements

Find out more about CVE-2021-40493 from the CVE dictionary.

Need Help?

For clarification or corrections, please contact our support team or email us at itom-upgrades@manageengine.com.
