CVE-2021-20078

Exploit

EPSS 50.9%
Veröffentlicht 01.04.2021 19:15:13
Zuletzt bearbeitet 21.11.2024 05:45:53
Quelle vulnreport@tenable.com
CVE-Watchlists
Login
Unerledigt
Login

Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Opmanager Version < 12.5

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125000

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125002

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125100

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125101

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125102

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125108

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125110

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125111

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125112

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125113

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125114

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125116

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125117

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125118

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125120

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125121

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125123

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125124

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125125

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125136

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125137

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125139

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125140

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125143

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125144

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125145

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125156

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125157

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125158

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125159

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125161

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125163

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125174

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125175

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125176

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125177

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125178

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125180

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125181

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125192

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125193

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125194

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125195

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125196

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125197

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125198

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125201

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125204

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125212

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125213

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125214

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125215

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125216

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125228

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125229

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125230

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125231

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125232

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125233

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125312

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125323

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125324

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125326

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125328

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125329

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125340

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125341

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125342

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125343

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125344

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	50.9%	0.977

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	9.4	10	9.2	AV:N/AC:L/Au:N/C:N/I:C/A:C

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://www.tenable.com/security/research/tra-2021-10

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-20078

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20078

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20078

EUVD