CVE-2021-20078 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
tenable	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
zohocorp	manageengine_opmanager	𝑥 < 12.5
zohocorp	manageengine_opmanager	12.5:build125000
zohocorp	manageengine_opmanager	12.5:build125002
zohocorp	manageengine_opmanager	12.5:build125100
zohocorp	manageengine_opmanager	12.5:build125101
zohocorp	manageengine_opmanager	12.5:build125102
zohocorp	manageengine_opmanager	12.5:build125108
zohocorp	manageengine_opmanager	12.5:build125110
zohocorp	manageengine_opmanager	12.5:build125111
zohocorp	manageengine_opmanager	12.5:build125112
zohocorp	manageengine_opmanager	12.5:build125113
zohocorp	manageengine_opmanager	12.5:build125114
zohocorp	manageengine_opmanager	12.5:build125116
zohocorp	manageengine_opmanager	12.5:build125117
zohocorp	manageengine_opmanager	12.5:build125118
zohocorp	manageengine_opmanager	12.5:build125120
zohocorp	manageengine_opmanager	12.5:build125121
zohocorp	manageengine_opmanager	12.5:build125123
zohocorp	manageengine_opmanager	12.5:build125124
zohocorp	manageengine_opmanager	12.5:build125125
zohocorp	manageengine_opmanager	12.5:build125136
zohocorp	manageengine_opmanager	12.5:build125137
zohocorp	manageengine_opmanager	12.5:build125139
zohocorp	manageengine_opmanager	12.5:build125140
zohocorp	manageengine_opmanager	12.5:build125143
zohocorp	manageengine_opmanager	12.5:build125144
zohocorp	manageengine_opmanager	12.5:build125145
zohocorp	manageengine_opmanager	12.5:build125156
zohocorp	manageengine_opmanager	12.5:build125157
zohocorp	manageengine_opmanager	12.5:build125158
zohocorp	manageengine_opmanager	12.5:build125159
zohocorp	manageengine_opmanager	12.5:build125161
zohocorp	manageengine_opmanager	12.5:build125163
zohocorp	manageengine_opmanager	12.5:build125174
zohocorp	manageengine_opmanager	12.5:build125175
zohocorp	manageengine_opmanager	12.5:build125176
zohocorp	manageengine_opmanager	12.5:build125177
zohocorp	manageengine_opmanager	12.5:build125178
zohocorp	manageengine_opmanager	12.5:build125180
zohocorp	manageengine_opmanager	12.5:build125181
zohocorp	manageengine_opmanager	12.5:build125192
zohocorp	manageengine_opmanager	12.5:build125193
zohocorp	manageengine_opmanager	12.5:build125194
zohocorp	manageengine_opmanager	12.5:build125195
zohocorp	manageengine_opmanager	12.5:build125196
zohocorp	manageengine_opmanager	12.5:build125197
zohocorp	manageengine_opmanager	12.5:build125198
zohocorp	manageengine_opmanager	12.5:build125201
zohocorp	manageengine_opmanager	12.5:build125204
zohocorp	manageengine_opmanager	12.5:build125212
zohocorp	manageengine_opmanager	12.5:build125213
zohocorp	manageengine_opmanager	12.5:build125214
zohocorp	manageengine_opmanager	12.5:build125215
zohocorp	manageengine_opmanager	12.5:build125216
zohocorp	manageengine_opmanager	12.5:build125228
zohocorp	manageengine_opmanager	12.5:build125229
zohocorp	manageengine_opmanager	12.5:build125230
zohocorp	manageengine_opmanager	12.5:build125231
zohocorp	manageengine_opmanager	12.5:build125232
zohocorp	manageengine_opmanager	12.5:build125233
zohocorp	manageengine_opmanager	12.5:build125312
zohocorp	manageengine_opmanager	12.5:build125323
zohocorp	manageengine_opmanager	12.5:build125324
zohocorp	manageengine_opmanager	12.5:build125326
zohocorp	manageengine_opmanager	12.5:build125328
zohocorp	manageengine_opmanager	12.5:build125329
zohocorp	manageengine_opmanager	12.5:build125340
zohocorp	manageengine_opmanager	12.5:build125341
zohocorp	manageengine_opmanager	12.5:build125342
zohocorp	manageengine_opmanager	12.5:build125343
zohocorp	manageengine_opmanager	12.5:build125344

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://www.tenable.com/security/research/tra-2021-10