Unauthenticated Remote Code Execution Vulnerability

This document explains the Java deserialization vulnerability reported by Offensive Security Group Security Advisory, which allows the following:

  1. An unauthenticated user can execute arbitrary code on the server where OpManager Plus is installed.

| Vulnerabilities | Fix Released on |
|---|---|
| CVE-2018-19403 | 11-December-2018 |

 

What was the Problem?

  1. An unauthenticated user can execute arbitrary code on the server where OpManager Plus is installed. This allows users to execute payloads.

How do I fix it?

This issue was identified and fixed on 11-December-2018. To apply the fix, follow the steps below:

  1. Go to https://www.manageengine.com/network-monitoring/service-packs.html
  2. The fix is included in build 123231 and higher versions. Download the PPM and update.