CVE-2019-17602

SQL injection vulnerability in OPMDeviceDetailsServlet

 

Vulnerability Details
Impact CVSS V3 rating: 9.8 (Critical)
Reported 14th September 2019
Fixed 3rd October 2019
Affected Builds - Builds till 124077
- 124083 to 124088
Fixed in Builds 124078 and 124089
Overview SQL injection vulnerability in OPMDeviceDetailsServlet
Recommended Fix Upgrade to OpManager Version 12.4.078 or above.

For builds 124079 to 124088: Contact our support team (opmanager-support@manageengine.com) in case of queries.

 

Description

Due to a vulnerability, it was possible to make Authenticated/Unauthenticated SQL injections in OPMDeviceDetailsServlet.

We recommend that you upgrade to OpManager Version 12.4.078 or contact our support team at opmanager-support@manageengine.com to fix this issue.

Source and Acknowledgements

Find out more about CVE-2019-17602 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.

 
 Pricing  Get Quote