Vulnerability Details CVE-2020-28653
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.818
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html
- https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203
- https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233
- http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html
- https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203
- https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233
Products affected by CVE-2020-28653
-
cpe:2.3:a:zohocorp:manageengine_opmanager:-
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.4
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.2
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.3
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.4
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.4.179
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager:8