CVE-2021-20078

CWE-22 — Path Traversal3 documents3 sources

Severity

9.1CRITICAL

EPSS

55.2%

top 1.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Opmanager

Timeline

PublishedApr 1

Latest updateMay 24

Description

Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶NVDzohocorp/manageengine_opmanager< 12.5+1

▶CVEListV5manage_engine_opmanagerAll versions prior to version build 125346

🔴Vulnerability Details

GHSA

GHSA-3499-p3c4-fxgm: Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway↗2022-05-24

▶

CVEList

CVE-2021-20078: Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway↗2021-04-01

▶