This page lists all security vulnerabilities fixed in OpManager Plus, along with their CVE IDs and fixed build numbers. Go to ManageEngine's Security Response Center to report vulnerabilities in ManageEngine products.

| CVE / ZVE ID | Synopsis | Severity | Fixed in version | Link to latest build |
|---|---|---|---|---|
| CVE-2024-5466 | OpManager: A Remote Code Execution (RCE) vulnerability could be exploited by users with 'Write' access to the 'Deploy Agent' action in the UI. This has been fixed now. [Reported by Daniel Santos] | High | 128330 / 128320 / 128188 / 128268 | Download |
| CVE-2024-6748 | OpManager: The SQL injection vulnerability identified in URL Monitoring has now been fixed. [Reported by: CrisprXiang, Cokebeer, and LFY] | High | 128318 / 128186 / 128267 | |
| CVE-2023-47211 | Earlier, a path traversal vulnerability was detected in the MIB browser. This issue has now been fixed by implementing path sanitization. | High | 127260 | |
| ZVE-2023-0284 | OpManager: The Stored XSS vulnerabilities that lead to JS injection, identified in the URL Monitors, have been fixed now. (Reported by Ranjit Pahan) | Medium | 126279 / 126155 / 126263 | |
| CVE-2022-43473 | OpManager: Previously, there was an XML External Entity (XXE) vulnerability in the UCS module. It has been fixed now. (Reported by Cisco Talos-Marcin Noga) | Medium | 126141 / 126154 / 126169 | |
| CVE-2022-37024 | Earlier, there was a Remote Code Execution (RCE) vulnerability in IPv6 address management, reported by an anonymous researcher working with Trend Micro Zero Day Initiative. This has been fixed now. | High | 126120 / 126105 / 126003 / 125658 | |
| CVE-2022-38772 | Earlier, there was a Remote Code Execution (RCE) vulnerability in IPv4 address management, reported by an anonymous researcher working with Trend Micro Zero Day Initiative. This has been fixed now. | High | 126120 / 126105 / 126003 / 125658 | |
| CVE-2022-36923 | A vulnerability resulted in unauthenticated access to the user API key. This issue has been fixed now. (Reported by Anonymous working with Trend Micro Zero Day Initiative) | Critical | 126118 / 126104 / 126002 / 125657 | |
| CVE-2022-35404 | Unauthorized creation of files led to high resource consumption. This has been fixed now. (Reported by Tenable) | Medium | 125639 / 125655 / 126101 | |
| CVE-2022-29535 | The SQL injection vulnerability issues identified in a few default reports have been fixed now. (Reported by Anh Vu) | High | 125604 | |
| CVE-2022-27908 | SQL injection vulnerability noticed in the Inventory Reports module | High | 125588 / 125603 | |
| CVE-2021-40493 | SQL injection vulnerability noticed in the support diagnostics module | High | 125437 / 125453 | |
| CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to a general bypass for the deserialization class. | Critical | 125220 / 125314 | |
| CVE-2020-12116 | Path Traversal vulnerability | High | 124196 / 125125 | |
| CVE-2019-15106 | User login bypass vulnerability in APM plugin | High | 124062 / 124070 | |
| Internal | An operator user could access some restricted folders by bypassing the session. | High | 123241 | |
| CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability | High | 123231 | |