Recently, the "Exploit Database" group identified WebNMS as being prone to 4 vulnerabilities. The details are available here.
We have put together the steps below to close these vulnerabilities in WebNMS.
(Note that each link is a document. It may require a day or two to complete all steps properly.)
2. Ensure that all requests are authenticated. Please check this page for how to do it.
Update on 11th July 2017: The change in GetChallengeServlet is NOT needed at all. This issue is now completely patched in bit.ly/hotfixppm25. Once you enable SHA-1 encryption of passwords, this issue will be patched. Hence, if you had already compiled the previous GetChallengeServlet, be sure to compile (under WEB-INF/classes) the GetChallengeServlet in the ppm (servlets directory).
4. Disable FetchFileServlet by modifying WEB-INF/web.xml
link1 link2 (Comment out those entries in the web-header/web-footer files accordingly.)
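To confirm that step 4 took effect, the following added example (not WebNMS's own code) parses WEB-INF/web.xml and lists any FetchFileServlet declaration or mapping that is still active. The sample descriptor, its class name and its URL pattern are constructed placeholders.

```python
import sys
import xml.etree.ElementTree as ET

TARGET = "FetchFileServlet"  # servlet named in step 4

# Constructed sample: the <servlet> block was commented out but the mapping was
# left behind. Class name and URL pattern are placeholders, not WebNMS's real ones.
SAMPLE_WEB_XML = """<?xml version="1.0"?>
<web-app>
  <!-- disabled per step 4
  <servlet>
    <servlet-name>FetchFileServlet</servlet-name>
    <servlet-class>com.example.placeholder.FetchFileServlet</servlet-class>
  </servlet>
  -->
  <servlet-mapping>
    <servlet-name>FetchFileServlet</servlet-name>
    <url-pattern>/servlets/FetchFile</url-pattern>
  </servlet-mapping>
</web-app>
"""

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def active_entries(web_xml, target=TARGET):
    """Return (element, child, value) for every uncommented entry naming target."""
    root = ET.fromstring(web_xml)  # the parser discards XML comments
    hits = []
    for elem in root.iter():
        if local(elem.tag) not in ("servlet", "servlet-mapping"):
            continue
        for child in elem:
            text = (child.text or "").strip()
            if local(child.tag) in ("servlet-name", "servlet-class") and target in text:
                hits.append((local(elem.tag), local(child.tag), text))
    return hits

if __name__ == "__main__":
    # Pass the path to WEB-INF/web.xml, or run without arguments to use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WEB_XML
    found = active_entries(data)
    for entry in found:
        print("still active:", *entry)
    sys.exit(1 if found else 0)
```

An exit status of 0 means no active FetchFileServlet entry remains in the file that was checked; the web-header/web-footer files still need to be reviewed separately.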
Once the above steps are done and WebNMS is restarted, it will be free from the vulnerabilities.
P.S.
1. Ensure that you use 5.2 SP1 WebNMS + the 25th hotfix PPM and above.
2. If you are using WebNMS java client, please contact nms-support@webnms.com in this regard.
Update on 11th July 2017: This issue is now completely patched (also in java client) in bit.ly/hotfixppm25. Once you enable SHA-1 encryption of passwords, this issue will be patched.