Rewterz Threat Advisory – CVE-2020-13818 – ManageEngine OpManager directory traversal

Rewterz Threat Advisory – CVE-2020-4529 – IBM Maximo Asset Management server-side request forgery

June 9, 2020

Rewterz Threat Advisory – CVE-2020-12019 – ICS: Advantech WebAccess Node

June 10, 2020

Rewterz Threat Advisory – CVE-2020-13818 – ManageEngine OpManager directory traversal

Severity

Medium

Analysis Summary

ManageEngine OpManager could allow a remote attacker to traverse directories on the system, caused by an error when “” is used. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.

Impact

Exposure of sensitive information

Affected Vendors

ManageEngine

Affected Products

ManageEngine OpManager 12.4
ManageEngine OpManager 12.5

Remediation

Upgrade to the latest version of OpManager (12.5 or later).

Rewterz Threat Advisory – CVE-2020-4529 – IBM Maximo Asset Management server-side request forgery

Rewterz Threat Advisory – CVE-2020-12019 – ICS: Advantech WebAccess Node

Rewterz Threat Advisory – CVE-2020-13818 – ManageEngine OpManager directory traversal

Severity

Analysis Summary

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan