CVE-2018-12997, CVE-2018-12998

XSS vulnerability

 

Vulnerability Details
Impact CVSS V3 rating: 10 (Critical)
Reported 10 May 2018
Fixed 11 June 2018
Affected Builds Till Build 123168
Fixed in Build 123169
Overview Cross-site scripting (XSS) vulnerability
Recommended Fix Upgrade to OpManager Version 12.3.239 or above.

 

Description

A XSS vulnerability was discovered in OpManager before version 12.3.169. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. We recommend that you upgrade to OpManager Version 12.3.169 or above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-12997, CVE-2018-12998 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.

Video Zone
OpManager Customer Videos
Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  
  •  IT Admin from "Royal flying doctor service", Australia
     Jonathan ManageEngine Customer
  •  Michael - Network & Tech, ManageEngine Customer
     Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  •  David Tremont, Associate Directory of Infrastructure,USA
     Todd Haverstock Administrative Director
  •  Donald Stewart, IT Manager from Crest Industries
     John Rosser, MIS Manager - Yale Chase Equipment & Services
 Pricing  Get Quote