CVE-2021-41288

SQL injection vulnerability in the Reports module

Vulnerability Details
Severity: High
Reported: Sept 05, 2021
Reported by: Hồng Dương Trần
Fixed: Sept 17, 2021
Affected Builds: Builds 125466 and below.
Fixed in: Build 125437/125455 and 125467
Overview: SQL injection vulnerability in the Reports module
Recommended Fix:

→ For builds below 125437, please upgrade to version 125437 here.

→ For builds 125438 to 125454, please upgrade to version 125455 here.

 

Description

An SQL injection vulnerability was found in OpManager version 125466 and older versions. The injection was possible through the monitorList parameter of the getReportData API.

We recommend that you upgrade to the latest version of OpManager or contact our support team at itom-upgrades@manageengine.com to fix this issue.
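
For reviewing web access logs from builds that ran an affected version before the upgrade, the following added example (not ManageEngine's code) flags getReportData requests whose monitorList value falls outside an allowlist. The URL path, the log format, the allowlisted character set and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate monitorList values are comma-separated names or IDs
# made of letters, digits, underscore, dot and hyphen.
ALLOWED_VALUE = re.compile(r"[A-Za-z0-9_.\-]+(?:,[A-Za-z0-9_.\-]+)*")

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_FIELD = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

# Constructed sample lines, not taken from a real system. The URL paths are
# assumed; only the API name and the parameter name come from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Sep/2021:10:01:12 +0000] "GET /api/json/reports/'
    'getReportData?monitorList=CPU_Utilization,Memory_Utilization HTTP/1.1" 200 812',
    '192.0.2.44 - - [20/Sep/2021:10:03:40 +0000] "GET /api/json/reports/'
    'getReportData?monitorList=CPU_Utilization%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 15320',
    '192.0.2.10 - - [20/Sep/2021:10:04:02 +0000] "GET /api/json/other/'
    'listItems?monitorList=x%27 HTTP/1.1" 200 95',
]


def suspicious_requests(lines):
    """Return (line_number, decoded_value) for every getReportData request
    whose monitorList value does not match the allowlist."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_FIELD.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if "getReportData" not in target.path:
            continue  # only the API named in the advisory is in scope
        # parse_qs percent-decodes values, so encoded quotes are caught too.
        params = parse_qs(target.query, keep_blank_values=True)
        for value in params.get("monitorList", []):
            if not ALLOWED_VALUE.fullmatch(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: monitorList={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so a clean result here does not rule out abuse through that route.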

Source and Acknowledgements

Find out more about CVE-2021-41288 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at itom-upgrades@manageengine.com.

 