| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 10 (Critical) |
| Reported | 21st January, 2021 |
| Reported by | Johannes Mortiz, an independent Security researcher |
| Fixed | 8th February, 2021 |
| Affected Builds | → Builds 12.5.219 & below |
| Fixed in | Builds 12.5.220, 12.5.314, and 12.5.329 |
| Overview | Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class. |
| Recommended Fix | → For builds 125219 and below, please upgrade to NetFlow Analyzer Version 12.5.220. |
Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.
We recommend that you upgrade to NetFlow Analyzer version 12.5.220 to fix this issue.
Source and Acknowledgements
Find out more about CVE-2021-3287 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com