| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 7.5 (HIGH) |
| Reported | 12th April 2020 |
| Reported by | Kuncho, an independent Security researcher |
| Fixed | 20th April 2020 |
| Affected Builds | → Builds 12.3.xxx - 12.4.195 → Builds 12.5.000 - 12.5.119 |
| Fixed in | Builds 12.4.196/12.5.120 |
| Overview | Unauthenticated access to API key disclosure from a servlet call. |
| Recommended Fix | → For builds 12.3.xxx - 12.4.195, please upgrade to OpManager Version 12.4.196. → For Builds 12.5.000 - 12.5.119, please upgrade to OpManager Version 12.5.120. |
Unauthenticated access to API key disclosure from a servlet call.
We recommend that you upgrade to OpManager Version 12.4.196 / OpManager Version 12.5.120 (for builds 125000 - 125119) or contact our support team at itom-upgrades@manageengine.com to fix this issue.
Source and Acknowledgements
Find out more about CVE-2020-11946 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at itom-upgrades@manageengine.com