ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.
4b6a4ea76848ab6114a56a416f3fbcbcf9f30c0019d583b5a31c9da234e2a04fI. VULNERABILITY
-------------------------
OPManager version 12.3, SQL Injection vulnerability
II. CVE REFERENCE
-------------------------
CVE-2018-17243
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
10/09/18 Vulnerability discovered
13/09/18 Vendor contacted
19/09/2018 OPManager replay that they fixed
V. CREDIT
-------------------------
Murat Aydemir from Biznet Bilisim A.S.
VI. DESCRIPTION
-------------------------
ManageEngine OPManager product(version 12.3) was vulnerable to sql
injection attack. A successfully exploit of this attack could allow
arbitrary code execution on remote server database.
References: https://www.manageengine.com/network-monitoring/help/read-me.html
VII. Remediation
-------------------------
Its recommended to update latest version of OPManager.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed