List of security vulnerabilities fixed in Network Configuration Manager

This page contains a list of all security vulnerabilities fixed in Network Configuration Manager along with its CVE ID and fixed build number. Go to ManageEngine's Security Response Center to report vulnerabilities on ManageEngine products.

 
CVE ID Synopsis Severity Fixed in version Link to latest build
CVE-2020-12116 Path Traversal Vulnerability High 124196/125125 Download
CVE-2020-11946 Unauthenticated access to API key disclosure from a servlet call High 124188/125120
CVE-2020-11527 File read vulnerability in Arbitrary file High 124181
CVE-2020-10541 Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs High 124172
CVE-2019-17421 Incorrect file permissions on the packaged Nipper executable file. Medium 124079 & 124099
Internal An operator user could access some restricted folders by bypassing the session. High 123241
CVE-2018-19403 Unauthenticated Remote Code Execution (RCE) vulnerability High 123231
CVE-2018-12997, CVE-2018-12998 Arbitrary web script injection vulnerability High 123169