# Security Updates - CVE-2020-11527 | ManageEngine OpUtils

## CVE-2020-11527

### Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating: NA** |
| Reported | 14th January 2020 |
| Reported by | jacky.xing@dbappsecurity.com.cn |
| Fixed | 28th January 2020 |
| Affected Builds | Builds till 124180 |
| Fixed in | Build 124181 |
| Overview | File read vulnerability in Arbitrary file |
| **Recommended Fix** | **Upgrade to [OpUtils Version 12.4.181](https://www.manageengine.com/products/oputils/service-packs.html?124181cve) or above.** |

### Description

Previously, the users were able to read the Arbitrary file, which made it vulnerable. This file read vulnerability has been fixed.

We recommend that you [upgrade to OpUtils version 12.4.181 or above](https://www.manageengine.com/products/oputils/service-packs.html?124181cve) or contact our support team at [oputils-support@manageengine.com](mailto:oputils-support@manageengine.com) to fix this issue.

**Source and Acknowledgements**

Find out more about CVE-2020-11527 from the [CVE dictionary](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11527).

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [oputils-support@manageengine.com](mailto:oputils-support@manageengine.com).