Unauthenticated Remote Code Execution Vulnerability

Unauthenticated Remote Code Execution Vulnerability

This document will explain you about the Java deserialization vulnerability reported by Offensive Security Group Security Advisory which allows,

  1. Unauthenticated arbitrary code can be executed on the server where Network Configuration Manager is installed.
Vulnerabilities
 Fix Released on
CVE-2018-19403
 11-December-2018

 

What was the Problem?

  1. Unauthenticated arbitrary code can be executed on the server where Network Configuration Manager is installed. This allows users to execute payloads.

How do I fix it?

This has been identified and fixed on 11-December-2018. To apply this fix, follow the below steps:

  1. Go to https://www.manageengine.com/network-configuration-manager/upgradepack.html
  2. You can find the latest build 123231 or higher versions which has the fix. Download the PPM and update.
        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial





                            Related Products