This page contains a list of all security vulnerabilities fixed in OpUtils along with its CVE id and fixed build number. Go to ManageEngine's Security Response Center to report vulnerabilities on ManageEngine products.
CVE ID | Synopsis | Severity | Fixed in version | Link to latest build |
---|---|---|---|---|
CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class. | Critical | 125220/125314 | Download |
CVE-2020-28653 | Unauthenticated Remote Code Execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet. | High | 125203 / 125218 | |
CVE-2020-13818 | Directory Traversal validation was being bypassed when using <cachestart>. | High | 125144 | |
CVE-2020-12116 | Path Traversal vulnerability | High | 124196/125125 | |
CVE-2020-11946 | Unauthenticated access to API key disclosure from a servlet call | High | 124188/125120 | |
CVE-2020-11527 | File read vulnerability in Arbitrary file | High | 124181 | |
CVE-2020-10541 | The obsolete code causing Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs have been removed. | High | 124172 | |
CVE-2019-17421 | Incorrect file permissions on the packaged Nipper executable file | Medium | 124079 and 124099 | |
Internal | An operator user could access some restricted folders by bypassing the session. | High | 123241 | |
CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability | High | 123231 | |
CVE-2018-17283 | The 'oputilsServlet' which was previously unauthenticated has now been removed. | High | 123196 | |
CVE-2018-12997, CVE-2018-12998 | It allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | High | 123169 |