CVE-2021-20078

Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.

CVSS v3 9.1 CRITICAL
CVSS v2.0 9.4 HIGH

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.4^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:C/A:C

Exploitability : 10.0 / Impact : 9.2

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.tenable.com/security/research/tra-2021-10	Exploit Third Party Advisory
https://www.tenable.com/security/research/tra-2021-10	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zohocorp:manageengine_opmanager::::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125233::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125312::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125323::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125324::::::
	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125326::::::
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125328::::::
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125329::::::
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125340::::::
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125341::::::
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125342::::::
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125343::::::
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125344::::::

History

21 Nov 2024, 05:45

Type	Values Removed	Values Added
References	~~() https://www.tenable.com/security/research/tra-2021-10 - Exploit, Third Party Advisory~~	() https://www.tenable.com/security/research/tra-2021-10 - Exploit, Third Party Advisory

22 Jun 2021, 17:29

Type	Values Removed	Values Added
CPE	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125145:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125120:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125136:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125118:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125140:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125143:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125125:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125156:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125124:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125117:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125121:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125123:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125139:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125144:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:125137::::::	cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:::::: cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118::::::

Information

Published : 2021-04-01 19:15

Updated : 2024-11-21 05:45

NVD link : CVE-2021-20078

Mitre link : CVE-2021-20078

CVE.ORG link : CVE-2021-20078

JSON object : View

Products Affected

zohocorp

manageengine_opmanager

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

9.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-20078

9.1^/10

9.4^/10

Attach tags to `CVE-2021-20078`