ManageEngine corrige vulnerabilidades “zero-day”

Recentemente, várias vulnerabilidades “zero-day” nos produtos ManageEngine foram descobertas pela Digital Defense, Inc. Agradecemos a empresa por trabalhar conosco na divulgação responsável das vulnerabilidades. No momento em que foram divulgados publicamente, tínhamos abordados e corrigido todos eles com patches disponíveis para cada um dos aplicativos afetados.

Abaixo, você encontrará uma lista das vulnerabilidades e produtos afetados, juntamente com links para os pacotes de serviços do ManageEngine que lançamos para abordá-los.

Vulnerability	Applications/Versions Affected	Resolution/Service Packs
DDI-VRT-2018-01 – Unauthenticated File Upload via /servlets/CmClientUtilServlet	ServiceDesk Plus MSP 9.3 (Build 9302) ServiceDesk Plus 9.3 (Build 9328)	Download the latest ServiceDesk Plus MSP service pack: https://www.manageengine .com/products/service-desk-msp/service-packs-hotfix.htmlDownload the latest ServiceDesk Plus service pack: https://www.manageengine .com/products/service-desk/service-packs.html
DDI-VRT-2018-02 – Unauthenticated Blind SQL Injection via /servlets/RegisterAgent DDI-VRT-2018-03 – Unauthenticated Blind SQL Injection via /servlets/StatusUpdateServlet and /servlets/AgentActionServlet DDI-VRT-2018-04 – Multiple Unauthenticated Blind SQL Injections via /embedWidget DDI-VRT-2018-05 – Unauthenticated XML External Entity Injection via /SNMPDiscoveryURL DDI-VRT-2018-06 – Unauthenticated Blind SQL Injection via /unauthenticatedservlets/ ELARequestHandler and /unauthenticatedservlets/ NPMRequestHandler DDI-VRT-2018-07 – User Enumeration via /servlets/ConfServlet	OpManager 12.3 (Build 123002)Firewall Analyzer 12.3 (Build 12.3.008) Network Configuration Manager 12.3 (Build 12.3.008) OpUtils 12.3 (Build 12.3.005) NetFlow Analyzer 12.3 (Build 12.3.009)	Download the latest OpManager service pack: https://www.manageengine .com/network-monitoring/service-packs.htmlDownload the latest Firewall Analyzer service pack: https://www.manageengine .com/products/firewall/service-packs.htmlDownload the latest Network Configuration Managerservice pack: https://www.manageengine .com/network-configuration-manager/upgradepack.htmlDownload the latest OpUtilsservice pack: https://www.manageengine .com/products/oputils/service-packs.html Download the latest NetFlow Analyzer service pack: https://www.manageengine .com/products/netflow/service-packs.html

Vulnerability

Applications/Versions Affected

Resolution/Service Packs

DDI-VRT-2018-01 – Unauthenticated File Upload via /servlets/CmClientUtilServlet

ServiceDesk Plus MSP 9.3 (Build 9302) ServiceDesk Plus 9.3 (Build 9328)

Download the latest ServiceDesk Plus MSP service pack: https://www.manageengine
.com/products/service-desk-msp/service-packs-hotfix.htmlDownload the latest ServiceDesk Plus service pack: https://www.manageengine
.com/products/service-desk/service-packs.html

DDI-VRT-2018-02 – Unauthenticated Blind SQL Injection via /servlets/RegisterAgent
DDI-VRT-2018-03 – Unauthenticated Blind SQL Injection via /servlets/StatusUpdateServlet and /servlets/AgentActionServlet
DDI-VRT-2018-04 – Multiple Unauthenticated Blind SQL Injections via /embedWidget
DDI-VRT-2018-05 – Unauthenticated XML External Entity Injection via /SNMPDiscoveryURL
DDI-VRT-2018-06 – Unauthenticated Blind SQL Injection via /unauthenticatedservlets/
ELARequestHandler and /unauthenticatedservlets/
NPMRequestHandler
DDI-VRT-2018-07 – User Enumeration via /servlets/ConfServlet

OpManager 12.3 (Build 123002)Firewall Analyzer 12.3 (Build 12.3.008)

Network Configuration Manager 12.3 (Build 12.3.008)

OpUtils 12.3 (Build 12.3.005)

NetFlow Analyzer 12.3 (Build 12.3.009)

Download the latest OpManager service pack: https://www.manageengine
.com/network-monitoring/service-packs.htmlDownload the latest Firewall Analyzer service pack: https://www.manageengine
.com/products/firewall/service-packs.htmlDownload the latest Network Configuration Managerservice pack: https://www.manageengine
.com/network-configuration-manager/upgradepack.htmlDownload the latest OpUtilsservice pack: https://www.manageengine
.com/products/oputils/service-packs.html

Download the latest NetFlow Analyzer service pack: https://www.manageengine
.com/products/netflow/service-packs.html

ACS Pro Parceira ManageEngine no Brasil. – Fone / WhatsApp (11) 2626-4653

Forte Abraço.

Deixe um comentário Cancelar resposta