Security Updates - CVE Database
Home » Security Updates » CVE-2018-12997, CVE-2018-12998

CVE-2018-12997, CVE-2018-12998

XSS vulnerability

 

Vulnerability Details
ImpactCVSS V3 rating: 10 (Critical)
Reported10 May 2018
Fixed11 June 2018
Affected BuildsTill Build 123168
Fixed inBuild 123169
OverviewCross-site scripting (XSS) vulnerability
Recommended FixUpgrade to OpManager Version 12.3.239 or above.

 

Description

A XSS vulnerability was discovered in OpManager before version 12.3.169. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. We recommend that you upgrade to OpManager Version 12.3.169 or above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-12997, CVE-2018-12998 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.

 
Related Products