# Security Updates - CVE-2021-40493

## CVE-2021-40493

### SQL injection vulnerability in support diagnostics module.

| Vulnerability Details | |
|---|---|
| Severity | **High** |
| Reported | Aug 30, 2021 |
| Reported by | Hồng Dương Trần |
| Fixed | Sept 3, 2021 |
| Affected Builds | From version 125140 |
| Fixed in | Build 125437 and 125453 |
| Overview | SQL injection vulnerability in support diagnostics module. |
| **Recommended Fix** | **→ For build versions 125436 and below, please upgrade to [OpManager Version 12.5.437](https://www.manageengine.com/network-monitoring/service-packs.html) or above.** |

### Description

An SQL injection vulnerability was found in OpManager from version 125140 onward. The injection was possible through the `pollingObject` parameter of the `getDataCollectionFailureReason` API. We strongly recommend that you [upgrade OpManager to version 125437](https://www.manageengine.com/network-monitoring/service-packs.html) or higher to resolve this vulnerability.

**Source and Acknowledgements**

Find out more about CVE-2021-40493 from the [CVE dictionary](https://nvd.nist.gov/vuln/detail/CVE-2021-40493).

### Need Help?

For clarifications or corrections, please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [itom-upgrades@manageengine.com](mailto:itom-upgrades@manageengine.com).
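
A log-triage sketch for the API and parameter named in the Description, added here as an example and not ManageEngine's code: it scans web access logs for calls to `getDataCollectionFailureReason` and flags `pollingObject` values that fall outside a conservative allowlist. The access-log format, the `/placeholder/` URL prefix, the allowlist pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

API_NAME = "getDataCollectionFailureReason"  # API named in the advisory
PARAM = "pollingObject"                      # parameter named in the advisory
# Assumption: legitimate values are short plain identifiers; tune per deployment.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.\-]{1,64}")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; "/placeholder/" stands in for the real URL prefix.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2021:10:00:00 +0000] "GET /placeholder/'
    'getDataCollectionFailureReason?pollingObject=Interface HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Sep/2021:10:00:05 +0000] "GET /placeholder/'
    'getDataCollectionFailureReason?pollingObject=Interface%27%20-- HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Sep/2021:10:00:09 +0000] "GET /placeholder/'
    'listDevices?pollingObject=a%27b HTTP/1.1" 200 100',
]

def review_line(line):
    """Return None for unrelated lines, else the decoded pollingObject values."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if API_NAME not in url.path:
        return None
    # parse_qsl percent-decodes, so encoded quotes and spaces are seen as-is.
    values = [v for k, v in parse_qsl(url.query, keep_blank_values=True) if k == PARAM]
    suspicious = [v for v in values if not SAFE_VALUE.fullmatch(v)]
    return {"values": values, "suspicious": suspicious}

def triage(lines):
    """Return (line number, suspicious values) for every line worth a manual look."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        result = review_line(line)
        if result and result["suspicious"]:
            hits.append((lineno, result["suspicious"]))
    return hits

if __name__ == "__main__":
    for lineno, values in triage(SAMPLE_LOG):
        print(f"line {lineno}: review pollingObject={values!r}")
```

Only query strings are visible in access logs, so parameters sent in a POST body will not appear here and a clean result is a lower bound, not proof of no attempts.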