| Vulnerability Details | |
|---|---|
| Impact | NA |
| Reported | 15 August 2019 |
| Fixed | 22 August 2019 |
| Affected Builds | - Builds till 124061 - 124065 to 124069 |
| Fixed in | Builds 124062 and 124070 |
| Overview | User login bypass vulnerability in APM plugin |
| Recommended Fix | For builds till 124061: Upgrade to OpManager Version 12.4.062 or above. For builds 124065 to 124069: Contact our support team (opmanager-support@manageengine.com) |
A user was able to bypass the username-password requirement and execute arbitrary commands on the server in APM plugin.
We recommend that you upgrade to OpManager Version 12.4.062 or contact our support team at opmanager-support@manageengine.com to fix this issue.
Source and Acknowledgements
Find out more about CVE-2019-15106 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.