|Reported||Aug 30, 2021|
|Reported by||Hồng Dương Trần|
|Fixed||Sept 3, 2021|
|Affected Builds||From version 125140|
|Fixed in||Build 125437 and 125453|
|Overview||SQL injection vulnerability in support diagnostics module.|
|Recommended Fix||→ For builds versions 125436 and below please upgrade to OpManager Version 12.5.437 or above.|
An SQL injection vulnerability was noticed from OpManager versions 125140. The SQL injection was allowed via the pollingObject parameter of the getDataCollectionFailureReason API.
We strongly recommend you to upgrade OpManager to version 125437 or higher to resolve this vulnerability issue.
Source and Acknowledgements
Find out more about CVE-2021-40493 from the CVE dictionary.