CVE-2018-12997-CVE-2018-12998

Arbitrary web script injection vulnerability

 

Vulnerability Details
Impact CVSS V3 rating: 10 (Critical)
Reported 10 June 2018
Fixed 11 July 2018
Affected Builds Till Build 123159
Fixed in Build 123169
Overview Vulnerability that allows arbitrary web script injection by remote attackers
Recommended Fix Upgrade to Network Configuration Manager Version 12.3.169 or above.

 

Description

An arbitrary web script injection vulnerability was discovered in Network Configuration Manager before version 12.3.169. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.

We recommend that you upgrade to Network Configuration Manager version 12.3.169 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-12997 and CVE-2018-12998 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at ncm-support@manageengine.com.