# Security Updates - CVE-2020-13818

## CVE-2020-13818

### Path Traversal vulnerability

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating: NA** |
| Reported | 26th May 2020 |
| Reported by | Reported by Yazhi Wang of Trend Micro and zerodayinitiative |
| Fixed | June 01, 2020 |
| Affected Builds | Builds till 125143 |
| Fixed in | Builds 125144 |
| Overview | Directory Traversal validation was being bypassed when using `<cachestart>` |
| Recommended Fix | For Builds 12.5.143 please upgrade to [OpManager Version 12.5.144](https://downloads.zohocorp.com/dnd/OpManager/qOS2UXSx8J8LerD/ManageEngine_OpManager_12_0_SP-5_1_4_4.ppm). |

### Description

Directory Traversal validation was being bypassed when using `<cachestart>`. This issue has now been fixed.

We recommend that you [upgrade to OpManager Version 12.5.144](https://downloads.zohocorp.com/dnd/OpManager/qOS2UXSx8J8LerD/ManageEngine_OpManager_12_0_SP-5_1_4_4.ppm) or contact our support team at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com) to fix this issue.

### Source and Acknowledgements

Find out more about CVE-2020-13818 from the [CVE dictionary](https://nvd.nist.gov/vuln/detail/CVE-2020-13818).

### Need Help?

For clarification or corrections, please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com).