Vulnerability:
  • DDI-VRT-2018-01 – Unauthenticated File Upload via /servlets/CmClientUtilServlet
Applications/Versions Affected:
  • ServiceDesk Plus MSP 9.3 (Build 9302)
  • ServiceDesk Plus 9.3 (Build 9328)
Resolution/Service Packs:
  • Download the latest ServiceDesk Plus MSP service pack: https://www.manageengine.com/products/service-desk-msp/service-packs-hotfix.html
  • Download the latest ServiceDesk Plus service pack: https://www.manageengine.com/products/service-desk/service-packs.html

Vulnerability:
  • DDI-VRT-2018-02 – Unauthenticated Blind SQL Injection via /servlets/RegisterAgent
  • DDI-VRT-2018-03 – Unauthenticated Blind SQL Injection via /servlets/StatusUpdateServlet and /servlets/AgentActionServlet
  • DDI-VRT-2018-04 – Multiple Unauthenticated Blind SQL Injections via /embedWidget
  • DDI-VRT-2018-05 – Unauthenticated XML External Entity Injection via /SNMPDiscoveryURL
  • DDI-VRT-2018-06 – Unauthenticated Blind SQL Injection via /unauthenticatedservlets/ELARequestHandler and /unauthenticatedservlets/NPMRequestHandler
  • DDI-VRT-2018-07 – User Enumeration via /servlets/ConfServlet
Applications/Versions Affected:
  • OpManager 12.3 (Build 123002)
  • Firewall Analyzer 12.3 (Build 12.3.008)
  • Network Configuration Manager 12.3 (Build 12.3.008)
  • OpUtils 12.3 (Build 12.3.005)
  • NetFlow Analyzer 12.3 (Build 12.3.009)
Resolution/Service Packs:
  • Download the latest OpManager service pack: https://www.manageengine.com/network-monitoring/service-packs.html
  • Download the latest Firewall Analyzer service pack: https://www.manageengine.com/products/firewall/service-packs.html
  • Download the latest Network Configuration Manager service pack: https://www.manageengine.com/network-configuration-manager/upgradepack.html
  • Download the latest OpUtils service pack: https://www.manageengine.com/products/oputils/service-packs.html
  • Download the latest NetFlow Analyzer service pack: https://www.manageengine.com/products/netflow/service-packs.html