| Vulnerability Details | |
|---|---|
| Severity | High |
| Reported | Sept 05, 2021 |
| Reported by | Hồng Dương Trần |
| Fixed | Sept 17, 2021 |
| Affected Builds | Builds 125466 and below. |
| Fixed in | Build 125437/ 125455 and 125467 |
| Overview | SQL injection vulnerability in the Reports module |
| Recommended Fix |
→ For builds below 125437, please upgrade to version 125437 here. → For builds 125438 to 125454 and please upgrade to the version 125455 here. |
An SQL injection vulnerability was noticed in OpManager version 125466 and older versions. The SQL injection was allowed via the monitorList parameter of the getReportData API.
We recommend that you upgrade to the latest version of OpManager or contact our support team at itom-upgrades@manageengine.com to fix this issue.
Source and Acknowledgements
Find out more about CVE-2021-41288 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at itom-upgrades@manageengine.com.