# Security Updates - CVE-2022-27908

## CVE-2022-27908

### SQL injection vulnerability in the Inventory Reports module.

**Severity:** High  

**CVE ID:** [CVE-2022-27908](https://nvd.nist.gov/vuln/detail/CVE-2022-27908)  

**Affected version(s):** Build 125597 and below  

**Fixed version(s):** Build 125588/125603  

**Fixed on:** April 07, 2022  

**More details:**  
An SQL injection vulnerability was detected in the Inventory Reports module. It has been fixed now.

**Impact:**  
It was possible to execute custom queries and access the database table entries.

**Steps to upgrade:**  
Upgrade to the latest version of OpManager [125588](https://www.manageengine.com/network-monitoring/service-packs.html) / [125603](https://www.manageengine.com/network-monitoring/itom-servicepack.html) by clicking on the respective build number or contact our support team at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com).

## Source and Acknowledgements

This vulnerability was reported by Anh Vu on March 22, 2022. Find out more about CVE-2022-27908 from the [CVE dictionary](https://nvd.nist.gov/vuln/detail/CVE-2022-27908).

## Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [itom-upgrades@manageengine.com](mailto:itom-upgrades@manageengine.com).