Vulnerability Fixes:
- The SQL injection vulnerability in ‘getDeviceCompleteDetails’ and ‘getAssociatedCredentials’ API’s have been fixed.
- General : There was an SQL injection vulnerability in the Alarms section. This issue has been fixed.
- General : In Alarms, there was an XSS vulnerability in the Notes column. This issue has been fixed.
- General : Apache’s ‘commons-beanutils’ jar has been updated to version 1.9.3 due to ‘Remote Code Execution’ vulnerability in an older version. (Refer: CVE-2018-19403)
- General : Unauthenticated access to ‘DataMigrationServlet’ has been fixed. (Refer: CVE-2018-19403)
- General : The ‘Browser Cookie theft’ vulnerability has been fixed.
- The issue with NBAR application data in Wireless Controllers has been fixed.
- Missing I18N keys have been added for Chinese language.
Other recent articles in the same category
You may be interested in these other recent articles
Last Week’s Best ManageEngine Updates – Part 30
6 December 2023 | Nazim Nadir
ManageEngine is named a strong performer for 2023 in last week updates. There are also new updates to their suite of applications and they have…
Read moreLast Week’s Best ManageEngine Updates – Part 29
27 November 2023 | Nazim Nadir
Exciting news of ManageEngine Linkedin Live webinar has been announced alongside some application updates and the release of a new E-Book. Whether you’re new to…
Read moreLast Week’s Best ManageEngine Updates – Part 28
30 October 2023 | Nazim Nadir
Updates on stability have been made by ManageEngine to enhance your end-user experience with their products. Continue reading to learn which ManageEngine applications gain the…
Read more