Site icon API Security Blog

ManageEngine OpManager 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass

The version of ManageEngine OpManager running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication bypass vulnerability. Due to the lack of proper request handling an unauthenticated, remote attacker can retrieve the API key of a valid user and access external APIs.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More

Exit mobile version