# Security Updates - CVE-2021-3287 | ManageEngine OpManager

## CVE-2021-3287

### Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating: 10 (Critical)** |
| Reported | 21st January, 2021 |
| Reported by | Johannes Mortiz, an independent Security researcher |
| Fixed | 8th February, 2021 |
| Affected Builds | Builds 125219 and below |
| Fixed in | Builds 125220/125314 |
| Overview | Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class. |
| Recommended Fix | **→ For builds 125219 and below, please upgrade to** **[OpManager Version 125220.](https://www.manageengine.com/network-monitoring/service-packs.html?125220)** |

### Description

Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

We recommend that you [upgrade to OpManager Version 125220](https://www.manageengine.com/network-monitoring/service-packs.html?125220) or contact our support team at [itom-upgrades@manageengine.com](mailto:itom-upgrades@manageengine.com) to fix this issue.

### Source and Acknowledgements

Find out more about CVE-2021-3287 from the [CVE dictionary](https://nvd.nist.gov/vuln/detail/CVE-2021-3287).

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [itom-upgrades@manageengine.com](mailto:itom-upgrades@manageengine.com).