CVE-2020-11946

Unauthenticated access to API key disclosure from a servlet call.

Vulnerability Details

Impact: CVSS V3 rating: 7.5 (HIGH)
Reported: 12th April 2020
Reported by: Kuncho, an independent security researcher
Fixed: 20th April 2020
Affected Builds:
→ Builds 12.3.xxx - 12.4.195
→ Builds 12.5.000 - 12.5.119
Fixed in Builds: 12.4.196/12.5.120
Overview: Unauthenticated access to API key disclosure from a servlet call.
Recommended Fix:
→ For builds 12.3.xxx - 12.4.195, please upgrade to OpManager Version 12.4.196.
→ For builds 12.5.000 - 12.5.119, please upgrade to OpManager Version 12.5.120.

 

Description

Unauthenticated access to API key disclosure from a servlet call.

We recommend that you upgrade to OpManager Version 12.4.196 / OpManager Version 12.5.120 (for builds 125000 - 125119) or contact our support team at itom-upgrades@manageengine.com to fix this issue.
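
The following is an added example, not ManageEngine code, for triaging an inventory of OpManager builds against the affected ranges listed above. It accepts both the dotted (12.4.195) and compact (124195) build notations this advisory uses. The function names, host names and sample builds are constructed, and treating 12.3.xxx as starting at 12.3.000 is an assumption.

```python
import re

# Affected ranges from this advisory as (first, last, fixed build), compact form.
# Assumption: "12.3.xxx" is read as starting at 12.3.000.
AFFECTED = [
    (123000, 124195, "12.4.196"),
    (125000, 125119, "12.5.120"),
]

_DOTTED = re.compile(r"^(\d{2})\.(\d)\.(\d{3})$")
_COMPACT = re.compile(r"^\d{6}$")


def parse_build(text):
    """Normalize '12.4.195' or '124195' to the integer 124195."""
    text = text.strip()
    m = _DOTTED.match(text)
    if m:
        return int("".join(m.groups()))
    if _COMPACT.match(text):
        return int(text)
    # Refuse ambiguous input such as '12.4.95' instead of guessing the padding.
    raise ValueError(f"unrecognized build number: {text!r}")


def triage(text):
    """Return (status, upgrade_target) for one build string."""
    build = parse_build(text)
    for first, last, fixed in AFFECTED:
        if first <= build <= last:
            return ("affected", fixed)
    if build < AFFECTED[0][0]:
        # Builds before 12.3.xxx are not covered by the advisory text.
        return ("not listed", None)
    return ("fixed", None)


# Constructed inventory (hypothetical host names and builds).
INVENTORY = {
    "opm-dc1": "12.4.195", "opm-dc2": "125119", "opm-lab": "12.4.196",
    "opm-dr": "12.5.120", "opm-old": "12.2.170",
}

if __name__ == "__main__":
    for host, build in INVENTORY.items():
        status, target = triage(build)
        note = f" -> upgrade to {target}" if target else ""
        print(f"{host:8} {build:9} {status}{note}")
```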

Source and Acknowledgements

Find out more about CVE-2020-11946 from the CVE dictionary.

Need Help?

For clarification or corrections, please contact our support team or email us at itom-upgrades@manageengine.com.
