Intrusion PreventionManageEngine.OpManager.Spark.Gateway.Directory.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Zoho Corporation ManageEngine OpManager.
This vulnerability is due to improper validation of user input in the request URI. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in denial of service conditions.
Affected Products
Zoho Corporation Manage Engine OpManager builds below 125346
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-09 | 25.618 | Name:Zoho. ManageEngine. OpManager. Spark. Gateway. Directory. Traversal:ManageEngine. OpManager. Spark. Gateway. Directory. Traversal |
| 2021-05-11 | 18.076 | Default_action:pass:drop |
| 2021-05-03 | 18.071 |
| ID | 50235 |
| Created | Apr 22, 2021 |
| Updated | Aug 08, 2023 |
| Risk |
|
| CVE ID | CVE-2021-20078 |
| Exploit Prediction Score | 14.2% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, MacOS |
| Affected App | Other |