| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 10 (Critical) |
| Reported | 10 May 2018 |
| Fixed | 11 June 2018 |
| Affected Builds | Till Build 123168 |
| Fixed in | Build 123169 |
| Overview | Cross-site scripting (XSS) vulnerability |
| Recommended Fix | Upgrade to OpManager Version 12.3.239 or above. |
A XSS vulnerability was discovered in OpManager before version 12.3.169. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. We recommend that you upgrade to OpManager Version 12.3.169 or above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2018-12997, CVE-2018-12998 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.