| Vulnerability Details | |
|---|---|
| Severity | High |
| Reported | Aug 30, 2021 |
| Reported by | Hồng Dương Trần |
| Fixed | 3rd September, 2021 |
| Affected Builds | From version 125140 |
| Fixed in | Build 125437 and 125453 |
| Overview | SQL injection vulnerability in support diagnostics module. |
| Recommended Fix | → For builds versions 125436 and below please upgrade to OpManager Plus Version 12.5.437. |
An SQL injection vulnerability was noticed from OpManager Plus versions 125140. The SQL injection was allowed via the pollingObject parameter of the getDataCollectionFailureReason API.
We strongly recommend you to upgrade OpManager Plus to version 125437 or higher to resolve this vulnerability issue.
Source and Acknowledgements
Find out more about CVE-2021-40493 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at itom-upgrades@manageengine.com.