Security Advisory | ManageEngine OpManager
Dear Customer,
Greetings from ManageEngine OpManager. This is a security advisory mail for Applications Manager Plugin (
APM Plugin
) users.
It came to our notice that previously, a user was able to bypass the username-password requirement and execute arbitrary commands on the server in the APM plugin. This issue has been fixed in the latest version of OpManager.
Recommendation:
We highly recommend that you upgrade to the latest version of OpManager to eliminate all possible security vulnerabilities.
Fix:
i)
If you are using
OpManager builds 12.4.046 and below
, kindly upgrade to the fixed version:
OpManager 12.4.047
|
Download the latest Service Pack
|
Affected Version
|
12.4.046 and below
|
|
Fixed Version
|
12.4.047
|
ii)
If you are using OpManager builds 12.4.050 to 12.4.061, kindly upgrade to the fixed version:
OpManager 12.4.062
|
Download the latest Service Pack
|
Affected Version
|
12.4.050 to 12.4.061
|
|
Fixed Version
|
12.4.062
|
iii) If you are using OpManager builds 12.4.065 to 12.4.069, kindly contact opmanager-support@manageengine.com to receive the fix.
Note: This issue has been fixed in builds 12.4.070 and above.
We reassure that your data is totally intact and remains unbreached. In case you require any further clarification, our support team would be glad to assist you.
Regards,
Security Team,
OpManager