Security Updates - CVE Database
Network Configuration Management » Security Updates » CVE-2018-12997-CVE-2018-12998

CVE-2018-12997-CVE-2018-12998

Arbitrary web script injection vulnerability

 

Vulnerability Details
ImpactCVSS V3 rating: 10 (Critical)
Reported10 June 2018
Fixed11 July 2018
Affected BuildsTill Build 123159
Fixed inBuild 123169
OverviewVulnerability that allows arbitrary web script injection by remote attackers
Recommended FixUpgrade to Network Configuration Manager Version 12.3.169 or above.

 

Description

An arbitrary web script injection vulnerability was discovered in Network Configuration Manager before version 12.3.169. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.

We recommend that you upgrade to Network Configuration Manager version 12.3.169 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-12997 and CVE-2018-12998 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at ncm-support@manageengine.com.

Quick LinksRelated Products