This page contains a list of all security vulnerabilities fixed in OpUtils along with its CVE id and fixed build number. Go to ManageEngine's Security Response Center to report vulnerabilities on ManageEngine products.
| CVE ID | Synopsis | Severity | Fixed in version | Link to latest build |
|---|---|---|---|---|
| CVE-2019-17421 | Incorrect file permissions on the packaged Nipper executable file | Medium | 124079 and 124099 | Download |
| Internal | An operator user could access some restricted folders by bypassing the session. | High | 123241 | |
| CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability | High | 123231 | |
| CVE-2018-17283 | The 'oputilsServlet' which was previously unauthenticated has now been removed. | High | 123196 | |
| CVE-2018-12997, CVE-2018-12998 | It allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | High | 123169 |