CVE-2018-12997, CVE-2018-12998

Arbitrary web script injection vulnerability

 

Vulnerability Details
Impact CVSS V3 rating: 10 (Critical)
Reported 11 June 2018
Fixed 11 July 2018
Affected Builds Till Build 123167
Fixed in Build 123169
Overview Vulnerability that allows to inject arbitrary web script or HTML by remote attackers
Recommended Fix Upgrade to OpUtils Version 12.3.329 or above.

 

Description

Arbitrary web script injection vulnerability was discovered in OpUtils before version 12.3.169. This Vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet

We recommend that you upgrade to OpUtils version 12.3.329 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-12997, CVE-2018-12998 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at oputils-support@manageengine.com