Vulnerabilities > CVE-2020-10541 - Unspecified vulnerability in Zohocorp Manageengine Opmanager

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zohocorp

critical

NVD

Published: 2020-03-13

Updated: 2021-07-21

Summary

Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Opmanager - Zohocorp Manageengine Opmanager 8 Zohocorp Manageengine Opmanager 11.4 Zohocorp Manageengine Opmanager 11.5 Zohocorp Manageengine Opmanager 12.2 Zohocorp Manageengine Opmanager 12.3 Zohocorp Manageengine Opmanager 12.4	513

References

https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125108