The version of ManageEngine OpManager running on the remote web server is prior to 12.7.131. It therefore, has a vulnerability in the WebSocket endpoint that allows Cross-site WebSocket hijacking.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More