CVE-2020-12116

Опубликовано: 07 мая 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Критический

Описание

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.

Ссылки

https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Vendor Advisory
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125125
Vendor Advisory
https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Vendor Advisory
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125125
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*

Версия до 12.3 (включая)

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124011:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124012:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124013:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124014:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124015:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124016:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124022:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124023:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124024:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124025:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124026:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124027:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124030:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124033:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124037:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124039:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124040:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124041:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124042:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124043:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124051:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124053:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124054:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124056:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124058:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124065:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124066:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124067:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124069:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124070:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124071:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124072:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124074:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124075:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124081:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124082:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124085:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124086:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124087:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124089:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124095:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124096:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124097:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124098:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124099:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124100:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124168:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124169:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124175:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124176:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124178:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124181:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124182:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124183:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124189:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124190:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124191:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.91736

Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-6wrg-vw54-78h2

github

больше 3 лет назад