PT-2024-28248 · Zohocorp · Opmanager Enterprise Edition+3

Muhammed Mekkawy

Published

2024-07-17

Updated

2024-07-18

CVE-2024-38870

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104 Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions from 128151 before 128238 Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions from 128247 before 128250

Description The issue is related to a Stored XSS vulnerability in the reports module.

Recommendations For versions before 128104, update to a version after 128104 to resolve the issue. For versions from 128151 before 128238, update to a version after 128238 to resolve the issue. For versions from 128247 before 128250, update to a version after 128250 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-38870

Affected Products

Opmanager

Opmanager Enterprise Edition

Opmanager Msp

Opmanager Plus

PT-2024-28248 · Zohocorp · Opmanager Enterprise Edition+3

CVE-2024-38870

Weakness Enumeration

Related Identifiers

Affected Products

References · 4