|Impact||CVSS V3 rating: 10 (Critical)|
|Reported||14 May 2018|
|Fixed||14 June 2018|
|Affected Builds||Till Build 123156|
|Fixed in||Build 123157|
|Overview||SQL injection in FailOverHelperServlet|
|Recommended Fix||Upgrade to OpManager Version 12.3.239 or above.|
A SQL injection vulnerability was discovered in OpManager before version 12.3.157. The SQL injection in 'FailOverHelperServlet' for the operation 'getprobenetworkshare', 'standbyprobestatus' has now been fixed.
We recommend that you upgrade to OpManager Version 12.3.157 or above to fix this issue.
Source and Acknowledgements