This page contains a list of all security vulnerabilities fixed in OpUtils along with its CVE id and fixed build number. Go to ManageEngine's Security Response Center to report vulnerabilities on ManageEngine products.
|CVE ID||Synopsis||Severity||Fixed in version||Link to latest build|
|Internal||An operator user could access some restricted folders by bypassing the session.||High||123241||Download|
|CVE-2018-19403||Unauthenticated Remote Code Execution (RCE) vulnerability||High||123231|
|CVE-2018-17283||The 'oputilsServlet' which was previously unauthenticated has now been removed.||High||123196|
|CVE-2018-12997, CVE-2018-12998||It allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.||High||123169|