Rewterz Threat Advisory – CVE-2020-4529 – IBM Maximo Asset Management server-side request forgery
June 9, 2020Rewterz Threat Advisory – CVE-2020-12019 – ICS: Advantech WebAccess Node
June 10, 2020Rewterz Threat Advisory – CVE-2020-4529 – IBM Maximo Asset Management server-side request forgery
June 9, 2020Rewterz Threat Advisory – CVE-2020-12019 – ICS: Advantech WebAccess Node
June 10, 2020Severity
Medium
Analysis Summary
ManageEngine OpManager could allow a remote attacker to traverse directories on the system, caused by an error when “” is used. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
Exposure of sensitive information
Affected Vendors
ManageEngine
Affected Products
- ManageEngine OpManager 12.4
- ManageEngine OpManager 12.5
Remediation
Upgrade to the latest version of OpManager (12.5 or later).