critical
9.4
CWE
22
Advisory Published
Updated

CVE-2021-20078: Path Traversal

First published: Thu Apr 01 2021(Updated: )

Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.

Credit: vulnreport@tenable.com

Affected SoftwareAffected VersionHow to fix
ManageEngine OpManager MSP<12.5
ManageEngine OpManager MSP=12.5-build125000
ManageEngine OpManager MSP=12.5-build125002
ManageEngine OpManager MSP=12.5-build125100
ManageEngine OpManager MSP=12.5-build125101
ManageEngine OpManager MSP=12.5-build125102
ManageEngine OpManager MSP=12.5-build125108
ManageEngine OpManager MSP=12.5-build125110
ManageEngine OpManager MSP=12.5-build125111
ManageEngine OpManager MSP=12.5-build125112
ManageEngine OpManager MSP=12.5-build125113
ManageEngine OpManager MSP=12.5-build125114
ManageEngine OpManager MSP=12.5-build125116
ManageEngine OpManager MSP=12.5-build125117
ManageEngine OpManager MSP=12.5-build125118
ManageEngine OpManager MSP=12.5-build125120
ManageEngine OpManager MSP=12.5-build125121
ManageEngine OpManager MSP=12.5-build125123
ManageEngine OpManager MSP=12.5-build125124
ManageEngine OpManager MSP=12.5-build125125
ManageEngine OpManager MSP=12.5-build125136
ManageEngine OpManager MSP=12.5-build125137
ManageEngine OpManager MSP=12.5-build125139
ManageEngine OpManager MSP=12.5-build125140
ManageEngine OpManager MSP=12.5-build125143
ManageEngine OpManager MSP=12.5-build125144
ManageEngine OpManager MSP=12.5-build125145
ManageEngine OpManager MSP=12.5-build125156
ManageEngine OpManager MSP=12.5-build125157
ManageEngine OpManager MSP=12.5-build125158
ManageEngine OpManager MSP=12.5-build125159
ManageEngine OpManager MSP=12.5-build125161
ManageEngine OpManager MSP=12.5-build125163
ManageEngine OpManager MSP=12.5-build125174
ManageEngine OpManager MSP=12.5-build125175
ManageEngine OpManager MSP=12.5-build125176
ManageEngine OpManager MSP=12.5-build125177
ManageEngine OpManager MSP=12.5-build125178
ManageEngine OpManager MSP=12.5-build125180
ManageEngine OpManager MSP=12.5-build125181
ManageEngine OpManager MSP=12.5-build125192
ManageEngine OpManager MSP=12.5-build125193
ManageEngine OpManager MSP=12.5-build125194
ManageEngine OpManager MSP=12.5-build125195
ManageEngine OpManager MSP=12.5-build125196
ManageEngine OpManager MSP=12.5-build125197
ManageEngine OpManager MSP=12.5-build125198
ManageEngine OpManager MSP=12.5-build125201
ManageEngine OpManager MSP=12.5-build125204
ManageEngine OpManager MSP=12.5-build125212
ManageEngine OpManager MSP=12.5-build125213
ManageEngine OpManager MSP=12.5-build125214
ManageEngine OpManager MSP=12.5-build125215
ManageEngine OpManager MSP=12.5-build125216
ManageEngine OpManager MSP=12.5-build125228
ManageEngine OpManager MSP=12.5-build125229
ManageEngine OpManager MSP=12.5-build125230
ManageEngine OpManager MSP=12.5-build125231
ManageEngine OpManager MSP=12.5-build125232
ManageEngine OpManager MSP=12.5-build125233
ManageEngine OpManager MSP=12.5-build125312
ManageEngine OpManager MSP=12.5-build125323
ManageEngine OpManager MSP=12.5-build125324
ManageEngine OpManager MSP=12.5-build125326
ManageEngine OpManager MSP=12.5-build125328
ManageEngine OpManager MSP=12.5-build125329
ManageEngine OpManager MSP=12.5-build125340
ManageEngine OpManager MSP=12.5-build125341
ManageEngine OpManager MSP=12.5-build125342
ManageEngine OpManager MSP=12.5-build125343
ManageEngine OpManager MSP=12.5-build125344

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-20078?

    CVE-2021-20078 is classified as a critical vulnerability due to its potential for causing a remote denial of service.

  • How do I fix CVE-2021-20078?

    To fix CVE-2021-20078, update Manage Engine OpManager to the latest build above 125346.

  • What types of attacks can be executed using CVE-2021-20078?

    An attacker can exploit CVE-2021-20078 to remotely delete directories on the operating system.

  • Which versions of Manage Engine OpManager are affected by CVE-2021-20078?

    CVE-2021-20078 affects all Manage Engine OpManager builds below 125346.

  • Is there any workaround for CVE-2021-20078 if I cannot update immediately?

    The recommended action is to update to a secure build, as there are no official workarounds for CVE-2021-20078.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203