What is CVE-2021-20078?

CVE-2021-20078 is a vulnerability in Manage Engine Opmanager. Published 2021-04-01.

Is CVE-2021-20078 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Manage Engine Opmanager

CVE-2021-20078

Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories…

EPSS: 0.552 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a Manage Engine Opmanager — versions All versions prior to version build 125346

Public proof-of-concept exploits

20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection

References

www.tenable.com/security/research/tra-2021-10 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-20078?: CVE-2021-20078 is a vulnerability in Manage Engine Opmanager. Published 2021-04-01.
Is CVE-2021-20078 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.