| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 9.8 (Critical) |
| Reported | 14th September 2019 |
| Fixed | 3rd October 2019 |
| Affected Builds | - Builds till 124077 - 124083 to 124088 |
| Fixed in | Builds 124078 and 124089 |
| Overview | SQL injection vulnerability in OPMDeviceDetailsServlet |
| Recommended Fix | Upgrade to OpManager Version 12.4.078 or above. For builds 124079 to 124088: Contact our support team (opmanager-support@manageengine.com) in case of queries. |
Due to a vulnerability, it was possible to make Authenticated/Unauthenticated SQL injections in OPMDeviceDetailsServlet.
We recommend that you upgrade to OpManager Version 12.4.078 or contact our support team at opmanager-support@manageengine.com to fix this issue.
Source and Acknowledgements
Find out more about CVE-2019-17602 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.