Vulnerability Details : CVE-2020-11527
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
Products affected by CVE-2020-11527
- cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124040:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124039:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124037:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124033:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124011:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124000:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124065:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124066:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:-:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124058:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124056:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124054:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124024:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124023:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124022:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124016:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124075:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124081:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124082:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124085:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124051:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124042:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124027:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124025:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124015:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124013:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124069:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124071:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124087:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124053:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124043:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124041:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124030:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124026:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124014:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124012:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124067:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124070:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124074:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124086:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124089:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124095:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124096:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124097:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124098:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124099:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124100:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124101:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124102:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124168:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124169:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124175:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124176:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124178:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-11527
0.45%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-11527
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2020-11527
-
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#124181
Read me | OpManager HelpVendor Advisory
Jump to