Security Updates - CVE-2021-3287 | ManageEngine OpManager Plus

CVE-2021-3287

Vulnerability Details
Impact	CVSS V3 rating: 10 (Critical)
Reported	21st January, 2021
Reported by	Johannes Mortiz, an independent Security researcher
Fixed	8th February, 2021
Affected Builds	Builds 125219 and below
Fixed in	Builds 125220/125314
Overview	Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.
Recommended Fix	→ For builds 125219 and below, please upgrade to OpManager Plus Version 125220.

Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

We recommend that you upgrade to OpManager Plus Version 125220 or contact our support team at itom-upgrades@manageengine.com to fix this issue.

Source and Acknowledgements

Find out more about CVE-2021-3287 from the CVE dictionary.

For clarification or corrections please contact our support team or email us at itom-upgrades@manageengine.com.

Video Zone

Michael Senatore, Operations Manager, Rojan Australia Pty Ltd.

Venkatesan Veerappan, IT Consultant
Mohd Jaffer Tawfiq Murtaja, Information Security officer from Al Ain sports club
Jonathan ManageEngine Customer
IT Admin from "Royal flying doctor service", Australia
Michael Senatore, Operations Manager, Rojan Australia Pty Ltd.
Michael - Network & Tech, ManageEngine Customer
Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
Donald Stewart, IT Manager from Crest Industries
John Rosser, MIS Manager - Yale Chase Equipment & Services
David Tremont, Associate Directory of Infrastructure,USA