Cross-site WebSocket hijacking vulnerability - CVE-2023-29505

Severity: Low

CVE ID: CVE-2023-29505

Product name: OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, OpUtils

Affected Version(s) | Fixed Version(s) | Fixed On
From version 127121 to 127130 | 127131 | 18-07-2023
From version 127110 to 127119 | 127120 | 25-07-2023
Below version 127109 | 127109 | 25-07-2023

Details:

Previously, a WebSocket connection was affected by a Cross-site WebSocket hijacking vulnerability.

This issue has been fixed by validating the origin of the WebSocket request.
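The kind of origin check described above, as an added example; it is not the vendor's code. The allowlisted origin, host name, port and function names are assumptions made for the illustration, and refusing a handshake with no Origin header is a policy choice of this sketch.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the one origin the web console is served from (assumed value).
ALLOWED_ORIGINS = {"https://nms.example.internal:8061"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(value):
    """Return (scheme, host, port) for a serialized origin, or None if unusable."""
    if not value or value.strip().lower() == "null":
        return None  # absent or opaque origin (sandboxed frame, file:, data:)
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A serialized origin is scheme://host[:port] with nothing else attached.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    return parts.scheme, parts.hostname, port or DEFAULT_PORTS[parts.scheme]


ALLOWED = {normalize_origin(o) for o in ALLOWED_ORIGINS}


def is_handshake_allowed(headers):
    """Accept an upgrade only if its (name, value) headers hold one allowlisted Origin."""
    origins = [v for k, v in headers if k.lower() == "origin"]
    if len(origins) != 1:
        return False  # policy assumption: a missing or repeated Origin is refused
    origin = normalize_origin(origins[0])
    return origin is not None and origin in ALLOWED


# Constructed handshake headers, one list per request.
SAMPLES = {
    "same origin": [("Upgrade", "websocket"), ("Origin", "https://nms.example.internal:8061")],
    "other site": [("Upgrade", "websocket"), ("Origin", "https://portal.example.org")],
    "lookalike host": [("Origin", "https://nms.example.internal.example.org:8061")],
    "scheme downgrade": [("Origin", "http://nms.example.internal:8061")],
    "opaque origin": [("Origin", "null")],
    "no origin": [("Upgrade", "websocket")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:18} -> {'accept' if is_handshake_allowed(hdrs) else 'reject'}")
```

Comparing the parsed scheme, host and port exactly, rather than matching a prefix or substring of the header, is what makes the lookalike host fail the check.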

Impact:

The vulnerability allows an attacker to gain access to the WebSocket connection.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements

This vulnerability was reported by CERTXLM.

Kindly contact our product support team for further details, at the below mentioned email address:
