CVE-2018-20173

SQL injection vulnerability

 

Vulnerability Details
Impact CVSS V3 rating: 10 (Critical)
Reported 14 Nov 2018
Fixed 14 Dec 2018
Affected Builds Till Build 123237
Fixed in Build 123238
Overview SQL injection vulnerability in performance monitors graph page.
Recommended Fix Upgrade to OpManager Version 12.3.239 or above.

 

Description

A SQL injection vulnerability was discovered in OpManager before version 12.3.238. SQL injection was allowed via the 'getGraphData API' in OpManager.

We recommend that you upgrade to OpManager Version 12.3.238 or above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-20173 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.

 
 Pricing  Get Quote