CVE-2020-11527

Опубликовано: 04 апр. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.

Ссылки

https://www.manageengine.com/network-monitoring/help/read-me-complete.html#124181
Vendor Advisory
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#124181
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*

Версия до 12.4 (исключая)

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124011:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124012:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124013:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124014:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124015:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124016:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124022:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124023:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124024:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124025:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124026:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124027:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124030:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124033:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124037:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124039:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124040:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124041:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124042:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124043:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124051:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124053:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124054:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124056:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124058:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124065:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124066:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124067:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124069:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124070:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124071:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124074:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124075:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124081:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124082:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124085:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124086:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124087:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124089:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124095:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124096:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124097:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124098:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124099:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124100:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124168:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124169:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124175:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124176:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124178:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13621

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-x3qp-94wv-26rv

github

больше 3 лет назад