This document addresses the vulnerability reported in the management component of RMM Central.
Severities: High
Update Released Build: 10.1.46
Update Released Date: 07/01/2023
An authenticated SQL injection vulnerability in Management Component (CVE-2022-47523) was identified which may allow an adversary to execute custom queries and access the database table entries. This has now been fixed by enhancing validation and escaping special characters.
Affected versions: 10.1.45 and below
This vulnerability was reported by nextheia.com via ManageEngine's Bug Bounty program.
These vulnerabilities have been fixed on January 7, 2023 and the mitigation is available in the build 10.1.46 with management build 10.1.2232.2.
Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the service pack page.
https://www.manageengine.com/remote-monitoring-management/service-packs.html
For any further questions or concerns, please reach out to us at rmmcentral-support@manageengine.com