| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 10 (Critical) |
| Reported | 11 June 2018 |
| Fixed | 11 July 2018 |
| Affected Builds | Till Build 123167 |
| Fixed in | Build 123169 |
| Overview | Vulnerability that allows to inject arbitrary web script or HTML by remote attackers |
| Recommended Fix | Upgrade to OpUtils Version 12.3.329 or above. |
Arbitrary web script injection vulnerability was discovered in OpUtils before version 12.3.169. This Vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet
We recommend that you upgrade to OpUtils version 12.3.329 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2018-12997, CVE-2018-12998 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at oputils-support@manageengine.com