| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 10 (Critical) |
| Reported | 21st January 2021 |
| Reported by | Johannes Mortiz, an independent Security researcher |
| Fixed | 8th Feb, 2021 |
| Affected Builds | Builds 125219 and below |
| Fixed in | Builds 125220/125314 |
| Overview | Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class. |
| Recommended Fix | Upgrade to NCM Version 12.5.220 or above. Contact our support team (ncm-support@manageengine.com) in case of queries. |
Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.
We recommend that you upgrade to NCM Version 12.5.220 or contact our support team at ncm-support@manageengine.com to fix this issue.
Source and Acknowledgements
Find out more about CVE-2021-3287 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at ncm-support@manageengine.com.