CVE-2021-20078

HIGH

Description

ManageEngine OpManager builds below 125346 are vulnerable to a remote denial of service due to a path traversal issue in the Spark Gateway component. This allows a remote attacker to delete any directory or directories on the OS.

References

https://www.tenable.com/security/research/tra-2021-10

Details

Source: MITRE

Published: 2021-04-01

Updated: 2021-04-06

Type: CWE-22

Risk Information

CVSS v2.0

Base Score: 9.4

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C

Impact Score: 9.2

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Impact Score: 5.2

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125002:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125100:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125108:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125110:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125111:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125112:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125113:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125114:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125116:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125117:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125118:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125120:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125121:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125123:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125124:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125125:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125136:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125137:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125139:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125140:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125143:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125144:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125145:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125156:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125157:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125158:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125159:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125161:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125163:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125174:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125175:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125176:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125177:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125178:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125180:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125181:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125192:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125193:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125194:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125195:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125196:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125197:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125198:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125201:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125204:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125212:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125213:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125214:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125215:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125216:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125228:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125229:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125230:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125231:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125232:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125233:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125312:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125323:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125324:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125326:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125328:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125329:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125340:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125341:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125342:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125343:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125344:*:*:*:*:*:*