CVE-2021-40493

SQL injection vulnerability in support diagnostics module.

Vulnerability Details
Severity High
Reported Aug 30, 2021
Reported by Hồng Dương Trần
Fixed Sept 3, 2021
Affected Builds From version 125140
Fixed in Build 125437 and 125453
Overview SQL injection vulnerability in support diagnostics module.
Recommended Fix → For builds versions 125436 and below please upgrade to OpManager Version 12.5.437 or above.

 

Description

An SQL injection vulnerability was noticed from OpManager versions 125140. The SQL injection was allowed via the pollingObject parameter of the getDataCollectionFailureReason API.

We strongly recommend you to upgrade OpManager to version 125437 or higher to resolve this vulnerability issue.

Source and Acknowledgements

Find out more about CVE-2021-40493 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at itom-upgrades@manageengine.com.

 
 Pricing  Get Quote