Security Updates - CVE Database

CVE-2021-3287

Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

Vulnerability Details
Impact CVSS V3 rating: 10 (Critical)
Reported 21st January, 2021
Reported by Johannes Mortiz, an independent Security researcher
Fixed 8th February, 2021
Affected Builds → Builds 12.5.219 & below
Fixed in Builds 12.5.220, 12.5.314, and 12.5.329
Overview Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.
Recommended Fix → For builds 125219 and below, please upgrade to NetFlow Analyzer Version 12.5.220.

 

Description

Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.

We recommend that you upgrade to NetFlow Analyzer version 12.5.220 to fix this issue.

Source and Acknowledgements

Find out more about CVE-2021-3287 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com