# Security Updates - CVE-2020-12116

## CVE-2020-12116

### Path Traversal vulnerability

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating: NA** |
| Reported | 22th April 2020 |
| Reported by | R.J. McDown, an independent security researcher |
| Fixed | 29th April 2020 |
| Affected Builds | → Builds till 124195<br>→ Builds 125000 - 125124 |
| Fixed in | Builds 124196/125125 |
| Overview | Path Traversal vulnerability in URLs starting with <cachestart> |
| **Recommended Fix** | **→ For builds till 124195, please upgrade to [OpUtils version 12.4.196](https://www.manageengine.com/products/oputils/service-packs.html?12116cve) or above.**<br><br>**→ For builds 125000 - 125124, please upgrade to [OpUtils version 12.5.125](https://www.manageengine.com/network-monitoring/29809517/ManageEngine_OpManager_12_0_SP-5_1_2_5.ppm).** |

### Description

A path traversal vulnerability was recently reported, which enabled unrestricted access to any file in the product directory. This has been fixed.

We recommend that you upgrade to [OpUtils version 12.4.196](https://www.manageengine.com/products/oputils/service-packs.html?12116cve) / [OpUtils version 12.5.125](https://www.manageengine.com/network-monitoring/29809517/ManageEngine_OpManager_12_0_SP-5_1_2_5.ppm) (for builds 125000 - 125124) or contact our support team at [oputils-support@manageengine.com](mailto:oputils-support@manageengine.com) to fix this issue.

**Source and Acknowledgements**

Find out more about CVE-2020-12116 from the [CVE dictionary](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12116).

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [oputils-support@manageengine.com](mailto:oputils-support@manageengine.com)