CVE-2020-10541 — Improper Input Validation in Manageengine Opmanager

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

2.3%

top 15.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Opmanager

Timeline

PublishedMar 13

Latest updateMay 24

Description

Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_opmanager< 12.4.179

🔴Vulnerability Details

GHSA

GHSA-77j2-fwwh-4r69: Zoho ManageEngine OpManager before 12↗2022-05-24

▶

CVEList

CVE-2020-10541: Zoho ManageEngine OpManager before 12↗2020-03-13

▶