# Security Updates - CVE-2021-43319

There was a command injection vulnerability in the ipaddress/hostname field of the ping functionality. This vulnerability is specific to the configuration management module only.

## Vulnerability Details

| Field | Details |
|---|---|
| Severity | High |
| Reported | 16 Oct 2021 |
| Reported by | Nam (aka m3) from ECQ |
| Fixed | 28-Oct-2021 |
| Affected Builds | → Builds 125458 to 125472<br>→ Builds 125456 and below |
| Fixed in | → Build 125457<br>→ Build 125473 |
| Overview | There was a command injection vulnerability in the ipaddress/hostname field of the ping functionality. This vulnerability is specific to the configuration management module only. |
| Recommended Fix | **→ For builds below 125456, please upgrade to [version 125457](https://www.manageengine.com/network-monitoring/service-packs.html) here.**<br><br>**→ For builds 125458 to 125472 and please upgrade to [the version 125473 here.](https://www.manageengine.com/network-monitoring/itom-servicepack.html)** |

## Description

Earlier, there was a Remote Code Execution (RCE) vulnerability in the Ping functionality. This issue has been fixed now.

We recommend that you [upgrade to the latest version of OpManager](https://www.manageengine.com/network-monitoring/service-packs.html) or contact our support team at [itom-upgrades@manageengine.com](mailto:itom-upgrades@manageengine.com) to fix this issue.

## Source and Acknowledgements

Find out more about CVE-2021-43319 from the [CVE dictionary.](https://nvd.nist.gov/vuln/detail/CVE-2021-43319)

## Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [itom-upgrades@manageengine.com](mailto:itom-upgrades@manageengine.com).