CVE-2021-3287

Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

 

Vulnerability Details
Impact CVSS V3 rating: 10 (Critical)
Reported 21st January 2021
Reported by Johannes Mortiz, an independent Security researcher
Fixed 8th Feb, 2021
Affected Builds Builds 125219 and below
Fixed in Builds 125220/125314
Overview Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.
Recommended Fix Upgrade to NCM Version 12.5.220 or above.
Contact our support team (ncm-support@manageengine.com) in case of queries.

 

Description

Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

We recommend that you upgrade to NCM Version 12.5.220 or contact our support team at ncm-support@manageengine.com to fix this issue.

Source and Acknowledgements

Find out more about CVE-2021-3287 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at ncm-support@manageengine.com.