# Security Updates - CVE-2018-9087-9088-9089 | OpManager

## CVE-2018-9087, CVE-2018-9088, CVE-2018-9089

### SQL injection vulnerability

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating: 10 (Critical)** |
| Reported | 14 May 2018 |
| Fixed | 14 June 2018 |
| Affected Builds | Till Build 123156 |
| Fixed in | Build 123157 |
| Overview | SQL injection in FailOverHelperServlet |
| **Recommended Fix** | **Upgrade to [OpManager Version 12.3.239](https://www.manageengine.com/network-monitoring/service-packs.html) or above.** |

### Description

A SQL injection vulnerability was discovered in OpManager before version 12.3.157. The SQL injection in `FailOverHelperServlet` for the operation `getprobenetworkshare`, `standbyprobestatus` has now been fixed.  
We recommend that you [upgrade to OpManager Version 12.3.157](https://www.manageengine.com/network-monitoring/service-packs.html) or above to fix this issue.

### Source and Acknowledgements

Find out more about [CVE-2018-9087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9087), [CVE-2018-9088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9088), [CVE-2018-9089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9089) from the CVE dictionary.

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com).