CVE-2020-11946
First published: Mon Apr 20 2020(Updated: )
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp ManageEngine OpManager | =12.5-build125000 | |
| Zohocorp ManageEngine OpManager | =12.5-build125002 | |
| Zohocorp ManageEngine OpManager | =12.5-build125100 | |
| Zohocorp ManageEngine OpManager | =12.5-build125101 | |
| Zohocorp ManageEngine OpManager | =12.5-build125102 | |
| Zohocorp ManageEngine OpManager | =12.5-build125108 | |
| Zohocorp ManageEngine OpManager | =12.5-build125110 | |
| Zohocorp ManageEngine OpManager | =12.5-build125111 | |
| Zohocorp ManageEngine OpManager | =12.5-build125112 | |
| Zohocorp ManageEngine OpManager | =12.5-build125113 | |
| Zohocorp ManageEngine OpManager | =12.5-build125114 | |
| Zohocorp ManageEngine OpManager | =12.5-build125116 | |
| Zohocorp ManageEngine OpManager | =12.5-build125117 | |
| Zohocorp ManageEngine OpManager | =12.5-build125118 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-11946?
CVE-2020-11946 is a vulnerability in Zoho ManageEngine OpManager before 125120 that allows an unauthenticated user to retrieve an API key via a servlet call.
What is the severity of CVE-2020-11946?
The severity of CVE-2020-11946 is high with a CVSS score of 7.5.
How does CVE-2020-11946 affect Zoho ManageEngine OpManager?
CVE-2020-11946 affects Zoho ManageEngine OpManager versions 12.5-build125000 to 12.5-build125118.
How can an unauthenticated user retrieve an API key in Zoho ManageEngine OpManager?
An unauthenticated user can retrieve an API key in Zoho ManageEngine OpManager by making a servlet call.
How can I fix CVE-2020-11946 in Zoho ManageEngine OpManager?
To fix CVE-2020-11946 in Zoho ManageEngine OpManager, update to version 12.5-build125120 or later.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/zohocorp manageengine opmanager
- version/zohocorp manageengine opmanager/12.5-build125000
- version/zohocorp manageengine opmanager/12.5-build125002
- version/zohocorp manageengine opmanager/12.5-build125100
- version/zohocorp manageengine opmanager/12.5-build125101
- version/zohocorp manageengine opmanager/12.5-build125102
- version/zohocorp manageengine opmanager/12.5-build125108
- version/zohocorp manageengine opmanager/12.5-build125110
- version/zohocorp manageengine opmanager/12.5-build125111
- version/zohocorp manageengine opmanager/12.5-build125112
- version/zohocorp manageengine opmanager/12.5-build125113
- version/zohocorp manageengine opmanager/12.5-build125114
- version/zohocorp manageengine opmanager/12.5-build125116
- version/zohocorp manageengine opmanager/12.5-build125117
- version/zohocorp manageengine opmanager/12.5-build125118