# CVE-2019-17602
## SQL injection vulnerability in OPMDeviceDetailsServlet
| Vulnerability Details | |
|---|---|
| Impact | **CVSS V3 rating: 9.8 (Critical)** |
| Reported | 14th September 2019 |
| Fixed | 3rd October 2019 |
| Affected Builds | - Builds till 124077
- 124083 to 124088 |
| Fixed in | Builds 124078 and 124089 |
| Overview | SQL injection vulnerability in OPMDeviceDetailsServlet |
| **Recommended Fix** | **Upgrade to [OpManager Version 12.4.078](https://www.manageengine.com/network-monitoring/service-packs.html?124078) or above.**
**For builds 124079 to 124088:** Contact our [support team](mailto:opmanager-support@manageengine.com) (opmanager-support@manageengine.com) in case of queries. |
## Description
Due to a vulnerability, it was possible to make Authenticated/Unauthenticated SQL injections in OPMDeviceDetailsServlet.
We recommend that you [upgrade to OpManager Version 12.4.078](https://www.manageengine.com/network-monitoring/service-packs.html?124078) or contact our support team at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com) to fix this issue.
## Source and Acknowledgements
Find out more about CVE-2019-17602 from the [CVE dictionary](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17602).
## Need Help?
For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com).