CVE-2019-17602

SQL injection vulnerability in OPMDeviceDetailsServlet

 

Vulnerability Details
Impact CVSS V3 rating: 9.8 (Critical)
Reported 14th September 2019
Fixed 3rd October 2019
Affected Builds - Builds till 124077
- 124083 to 124088
Fixed in Builds 124078 and 124089
Overview SQL injection vulnerability in OPMDeviceDetailsServlet
Recommended Fix Upgrade to OpManager Version 12.4.078 or above.

For builds 124079 to 124088: Contact our support team (opmanager-support@manageengine.com) in case of queries.

 

Description

Due to a vulnerability, it was possible to make Authenticated/Unauthenticated SQL injections in OPMDeviceDetailsServlet.

We recommend that you upgrade to OpManager Version 12.4.078 or contact our support team at opmanager-support@manageengine.com to fix this issue.

Source and Acknowledgements

Find out more about CVE-2019-17602 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.

Video Zone
OpManager Customer Videos
Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  
  •  IT Admin from "Royal flying doctor service", Australia
     Jonathan ManageEngine Customer
  •  Michael - Network & Tech, ManageEngine Customer
     Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  •  David Tremont, Associate Directory of Infrastructure,USA
     Todd Haverstock Administrative Director
  •  Donald Stewart, IT Manager from Crest Industries
     John Rosser, MIS Manager - Yale Chase Equipment & Services
 Pricing  Get Quote