CVE-2021-20078

CVSS V2: High 9.4 | CVSS V3: Critical 9.1
Description
ManageEngine OpManager builds below 125346 are vulnerable to a remote denial of service due to a path traversal issue in the spark gateway component. This allows a remote attacker to delete any directory or directories on the OS.
Overview
  • CVE ID: CVE-2021-20078
  • Assigner: vulnreport@tenable.com
  • Vulnerability Status: Analyzed
  • Published Version: 2021-04-01T19:15:13
  • Last Modified Date: 2021-06-22T17:29:33
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:* 1 OR 12.5
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125233:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125312:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125323:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125324:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125326:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125328:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125329:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125340:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125341:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125342:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125343:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125344:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:N/I:C/A:C
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Base Score: 9.4
  • Severity: HIGH
  • Exploitability Score: 10
  • Impact Score: 9.2
CVSS Version 3
  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Availability Impact: HIGH
  • Base Score: 9.1
  • Base Severity: CRITICAL
  • Exploitability Score: 3.9
  • Impact Score: 5.2
References
Reference URL | Reference Tags
https://www.tenable.com/security/research/tra-2021-10 | Exploit, Third Party Advisory
History
Created | Old Value | New Value | Data Type | Notes
2022-05-10 07:10:23 | | | | Added to TrackCVE
2022-12-06 00:51:13 | 2021-04-01T19:15Z | 2021-04-01T19:15:13 | CVE Published Date | updated
2022-12-06 00:51:13 | | 2021-06-22T17:29:33 | CVE Modified Date | updated
2022-12-06 00:51:13 | | Analyzed | Vulnerability Status | updated