List of security vulnerabilities fixed in OpUtils

This page contains a list of all security vulnerabilities fixed in OpUtils along with its CVE id and fixed build number. Go to ManageEngine's Security Response Center to report vulnerabilities on ManageEngine products.

CVE ID Synopsis Severity Fixed in version Link to latest build
Internal An operator user could access some restricted folders by bypassing the session. High 123241 Download
CVE-2018-19403 Unauthenticated Remote Code Execution (RCE) vulnerability High 123231
CVE-2018-17283 The 'oputilsServlet' which was previously unauthenticated has now been removed. High 123196
CVE-2018-12997, CVE-2018-12998 It allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. High 123169