SQL injection vulnerability in the Inventory Reports module.

Severity: High

CVE ID: CVE-2022-27908

Affected version(s): Build 125597 and below

Fixed version(s): Build 125588/125603.

Fixed on: April 07, 2022

More details:
An SQL injection vulnerability was detected in the Inventory Reports module. It has been fixed now.

It was possible to execute custom queries and access the database table entries.

Steps to upgrade:
Upgrade to the latest version of OpManager 125588 / 125603 by clicking on the respective build number or contact our support team at

Source and Acknowledgements

This vulnerability was reported by Anh Vu on March 22, 2022. Find out more about CVE-2022-27908 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at

Video Zone
OpManager Customer Videos
Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  •  IT Admin from "Royal flying doctor service", Australia
     Jonathan ManageEngine Customer
  •  Michael - Network & Tech, ManageEngine Customer
     Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  •  David Tremont, Associate Directory of Infrastructure,USA
     Todd Haverstock Administrative Director
  •  Donald Stewart, IT Manager from Crest Industries
     John Rosser, MIS Manager - Yale Chase Equipment & Services
 Pricing  Get Quote