Security Updates - ZVE Database
Home » Security Updates ยป ZVE-2024-1132

CSRF Vulnerability - ZVE-2024-1132

Severity: Medium

ZVE ID: ZVE-2024-1132

Product name Affected Version(s) Fixed Version(s) Fixed On
OpManager
OpManager Plus
OpManager MSP
NetFlow Analyzer
Network Configuration Manager
Firewall Analyzer
OpUtils		 From version 128151 to 128246 128247 & above 14-05-2024
Below version 128103 128103 to 128150 31-05-2024

Details:

General: Previously, external users were able to utilize the network tools without authentication to perform ping or SNMP ping on network devices. This has now been fixed.

Impact:

These tools can be used by an external user without authentication to ping or SNMP ping the devices on the network.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements

This vulnerability was reported by Jayateertha Guruprasad.

Kindly contact our product support team for further details, at the below mentioned email address:

 
Related Products
 Pricing  Get Quote
Resources
Company
Training and Support
Connect with us:
     

ManageEngine is a division of Zoho Corp.