CVE-2021-40493

SQL injection vulnerability in support diagnostics module.

Vulnerability Details
Severity: High
Reported: Aug 30, 2021
Reported by: Hồng Dương Trần
Fixed: Sept 3, 2021
Affected Builds: From version 125140
Fixed in: Build 125437 and 125453
Overview: SQL injection vulnerability in support diagnostics module.
Recommended Fix: For build versions 125436 and below, please upgrade to OpManager Version 12.5.437 or above.

 

Description

An SQL injection vulnerability was identified in OpManager, affecting builds from version 125140 onward. The injection was possible via the pollingObject parameter of the getDataCollectionFailureReason API.

We strongly recommend that you upgrade OpManager to version 125437 or higher to resolve this vulnerability.
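
For triage before or after upgrading, the following added example (not ManageEngine code) scans web access logs for calls to getDataCollectionFailureReason whose pollingObject value falls outside an allow-list. The log format, the allow-list pattern, the query-string placement of the parameter and the /PLACEHOLDER/ path prefix are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

API_NAME = "getDataCollectionFailureReason"  # API named in the advisory
PARAM = "pollingObject"                      # parameter named in the advisory

# Assumption: a legitimate pollingObject value is a plain identifier.
# Tune this allow-list to the values seen in your own environment.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.\-]{1,128}")

# Assumption: common/combined access log format with the request line in quotes.
REQUEST = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3})'
)

def suspicious_requests(lines):
    """Return (client, status, value) for each call to the API whose
    pollingObject value is not on the allow-list."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if API_NAME not in url.path:
            continue
        # parse_qs percent-decodes values, so encoded metacharacters are caught too.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not SAFE_VALUE.fullmatch(value):
                hits.append((m.group("client"), int(m.group("status")), value))
    return hits

# Constructed sample lines; "/PLACEHOLDER/" stands in for the product's real route.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2021:10:00:01 +0000] '
    '"GET /PLACEHOLDER/getDataCollectionFailureReason?pollingObject=Interface_12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Sep/2021:10:02:44 +0000] '
    '"GET /PLACEHOLDER/getDataCollectionFailureReason?pollingObject=x%27-- HTTP/1.1" 500 87',
    '192.0.2.10 - - [01/Sep/2021:10:03:10 +0000] '
    '"GET /PLACEHOLDER/otherApi?pollingObject=x%27 HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} pollingObject={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so an empty result from this check does not rule out earlier abuse on an affected build.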

Source and Acknowledgements

Find out more about CVE-2021-40493 from the CVE dictionary.

Need Help?

For clarification or corrections, please contact our support team or email us at itom-upgrades@manageengine.com.
