CVE-2021-3287

Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

Vulnerability Details
Impact CVSS V3 rating: 10 (Critical)
Reported 21st January, 2021
Reported by Johannes Mortiz, an independent Security researcher
Fixed 8th February, 2021
Affected Builds → Builds 125219 and below
Fixed in Builds 125220/125314
Overview Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.
Recommended Fix

→ For builds 125219 and below, please upgrade to OpUtils version 125220

 

Description 

Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

We recommend that you upgrade to OpUtils version 125220 or contact our support team at oputils-support@manageengine.com to fix this issue.

Source and Acknowledgements

Find out more about CVE-2020-28653 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at oputils-support@manageengine.com