This document will explain you about the Java deserialization vulnerability reported by Offensive Security Group Security Advisory which allows,
- Unauthenticated arbitrary code can be executed on the server where Network Configuration Manager is installed.
Vulnerabilities
|
Fix Released on
|
CVE-2018-19403
|
11-December-2018
|
What was the Problem?
- Unauthenticated arbitrary code can be executed on the server where Network Configuration Manager is installed. This allows users to execute payloads.
How do I fix it?
This has been identified and fixed on 11-December-2018. To apply this fix, follow the below steps:
- Go to https://www.manageengine.com/network-configuration-manager/upgradepack.html
- You can find the latest build 123231 or higher versions which has the fix. Download the PPM and update.