ManageEngine fixes “zero-day” vulnerabilities

Recently, several “zero-day” vulnerabilities in ManageEngine products were discovered by Digital Defense, Inc. We thank the company for working with us on the responsible disclosure of the vulnerabilities. By the time they were publicly disclosed, we had addressed and fixed all of them, with patches available for each of the affected applications.

Below you will find a list of the vulnerabilities and affected products, along with links to the ManageEngine service packs we released to address them.

Vulnerability:
  • DDI-VRT-2018-01 – Unauthenticated File Upload via /servlets/CmClientUtilServlet
Applications/Versions Affected:
  • ServiceDesk Plus MSP 9.3 (Build 9302)
  • ServiceDesk Plus 9.3 (Build 9328)
Resolution/Service Packs:
  • Download the latest ServiceDesk Plus MSP service pack: https://www.manageengine.com/products/service-desk-msp/service-packs-hotfix.html
  • Download the latest ServiceDesk Plus service pack: https://www.manageengine.com/products/service-desk/service-packs.html

Vulnerability:
  • DDI-VRT-2018-02 – Unauthenticated Blind SQL Injection via /servlets/RegisterAgent
  • DDI-VRT-2018-03 – Unauthenticated Blind SQL Injection via /servlets/StatusUpdateServlet and /servlets/AgentActionServlet
  • DDI-VRT-2018-04 – Multiple Unauthenticated Blind SQL Injections via /embedWidget
  • DDI-VRT-2018-05 – Unauthenticated XML External Entity Injection via /SNMPDiscoveryURL
  • DDI-VRT-2018-06 – Unauthenticated Blind SQL Injection via /unauthenticatedservlets/ELARequestHandler and /unauthenticatedservlets/NPMRequestHandler
  • DDI-VRT-2018-07 – User Enumeration via /servlets/ConfServlet
Applications/Versions Affected:
  • OpManager 12.3 (Build 123002)
  • Firewall Analyzer 12.3 (Build 12.3.008)
  • Network Configuration Manager 12.3 (Build 12.3.008)
  • OpUtils 12.3 (Build 12.3.005)
  • NetFlow Analyzer 12.3 (Build 12.3.009)
Resolution/Service Packs:
  • Download the latest OpManager service pack: https://www.manageengine.com/network-monitoring/service-packs.html
  • Download the latest Firewall Analyzer service pack: https://www.manageengine.com/products/firewall/service-packs.html
  • Download the latest Network Configuration Manager service pack: https://www.manageengine.com/network-configuration-manager/upgradepack.html
  • Download the latest OpUtils service pack: https://www.manageengine.com/products/oputils/service-packs.html
  • Download the latest NetFlow Analyzer service pack: https://www.manageengine.com/products/netflow/service-packs.html

To all ACSoftware/ManageEngine customers: contact us if you need help, and our support team will assist you.

Support: (11) 4063 1007 – option 2.

Warm regards.
