| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: NA |
| Reported | 22th April 2020 |
| Reported by | R.J. McDown, an independent security researcher |
| Fixed | 29th April, 2020 |
| Affected Builds |
→ Builds till 124195 → Builds 125000 - 125124 |
| Fixed in | Builds 124196/125125 |
| Overview | Path Traversal vulnerability in URLs starting with <cachestart> |
| Recommended Fix |
Upgrade to NCM Version 12.4.196 or above. For Builds 12.5.000 - 12.5.124, please upgrade to NCM Version 12.5.125. Contact our Support team (ncm-support@manageengine.com) in case of queries. |
A path traversal vulnerability was recently reported, which enabled unrestricted access to any file in the product directory. This has been fixed.
We recommend that you upgrade to NCM Version 12.4.196 and 12.5.125 or contact our support team to fix this issue.
Source and Acknowledgements
Find out more about CVE-2020-12116 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at ncm-support@manageengine.com.