CVE-2018-9087, CVE-2018-9088, CVE-2018-9089

SQL injection vulnerability

Vulnerability Details
Impact CVSS V3 rating: 10 (Critical)
Reported 14 May 2018
Fixed 14 June 2018
Affected Builds Till Build 123156
Fixed in Build 123157
Overview SQL injection in FailOverHelperServlet
Recommended Fix Upgrade to OpManager Version 12.3.239 or above.

 

Description

A SQL injection vulnerability was discovered in OpManager before version 12.3.157. The SQL injection in 'FailOverHelperServlet' for the operation 'getprobenetworkshare', 'standbyprobestatus' has now been fixed.
We recommend that you upgrade to OpManager Version 12.3.157 or above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-9087, CVE-2018-9088, CVE-2018-9089 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.

Video Zone
OpManager Customer Videos
Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  
  •  IT Admin from "Royal flying doctor service", Australia
     Jonathan ManageEngine Customer
  •  Michael - Network & Tech, ManageEngine Customer
     Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  •  David Tremont, Associate Directory of Infrastructure,USA
     Todd Haverstock Administrative Director
  •  Donald Stewart, IT Manager from Crest Industries
     John Rosser, MIS Manager - Yale Chase Equipment & Services
 Pricing  Get Quote