CVE-2021-20078

Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.
References
Link Resource
https://www.tenable.com/security/research/tra-2021-10 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125233:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125312:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125323:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125324:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125326:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125328:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125342:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125329:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125344:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125343:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125341:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125340:*:*:*:*:*:*

Information

Published : 2021-04-01 12:15

Updated : 2021-06-22 10:29


NVD link : CVE-2021-20078

Mitre link : CVE-2021-20078


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

zohocorp

  • manageengine_opmanager