PT-2021-13756 · Zoho · Manageengine Opmanager

Published: 2021-04-01 · Updated: 2021-06-22 · CVE-2021-20078

CVSS v2.0: 9.4 (Critical)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions: ManageEngine OpManager versions prior to 125346
Description: A path traversal vulnerability in the spark gateway component allows a remote attacker to delete any directory or directories on the operating system, resulting in a denial of service.
Recommendations: Update versions prior to 125346 to version 125346 or higher to resolve the issue. As a temporary workaround, consider restricting access to the spark gateway component to minimize the risk of exploitation.

Exploit · Fix · DoS · Path traversal


Weakness Enumeration

Related Identifiers: CVE-2021-20078

Affected Products: Manageengine Opmanager