Security Updates - ZVE-2024-4386 | ManageEngine OpManager

ZVE-2024-4386

Stored XSS vulnerability in Schedule reports - ZVE-2024-4386

Severity: Medium

ZVE ID: ZVE-2024-4386

Product name	Affected Version(s)	Fixed Version(s)	Fixed On
OpManager OpManager Plus OpManager MSP OpManager Enterprise Edition	From version 128103 and below	128104	June 14, 2024
	From version 128151 to 128237	128238	June 07,2024
	From version 128247 to 128249	128250 & above	June 04,2024

Details:

OpManager: A stored XSS vulnerability was discovered in Schedule reports. This has now been fixed.(Reported by Muhammed Mekkawy. Refer:ZVE-2024-4386).

Steps to upgrade:

Kindly download the latest upgrade pack from here.
Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements

This vulnerability was reported by Muhammed Mekkawy.

Kindly contact our product support team for further details, at the below mentioned email address:

OpManager: opmanager-support@manageengine.com

ZVE-2024-4386

Stored XSS vulnerability in Schedule reports - ZVE-2024-4386

Resources

Company

Training and Support

Connect with us: