CVE-2020-12116

EPSS 90.53%
Published 07.05.2020 20:15:12
Last modified 21.11.2024 04:59:16
Source cve@mitre.org
Teams watchlist Login
Open Login

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Opmanager Version <= 12.3

Zohocorp ≫ Manageengine Opmanager Version12.4 Update-

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124000

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124011

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124012

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124013

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124014

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124015

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124016

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124022

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124023

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124024

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124025

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124026

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124027

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124030

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124033

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124037

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124039

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124040

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124041

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124042

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124043

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124051

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124053

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124054

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124056

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124058

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124065

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124066

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124067

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124069

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124070

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124071

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124072

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124074

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124075

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124081

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124082

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124085

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124086

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124087

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124089

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124095

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124096

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124097

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124098

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124099

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124100

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124101

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124102

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124168

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124169

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124175

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124176

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124178

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124181

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124182

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124183

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124189

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124190

Zohocorp ≫ Manageengine Opmanager Version12.4 Updatebuild124191

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125000

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125002

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125100

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125101

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125102

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125108

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125110

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125111

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125112

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125113

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125114

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125116

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125117

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125118

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125120

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125121

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125123

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125124

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	90.53%	0.995

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://www.manageengine.com/network-monitoring/help/read-me-complete.html

Vendor Advisory

https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125125

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12116

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12116

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12116

EUVD