Vulnerability Description
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | ManageEngine OpManager | < 12.5 |
References
- http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-D (Exploit, Third Party Advisory, VDB Entry)
- https://www.manageengine.com/network-monitoring/help/read-me-complete.html#12520 (Release Notes, Vendor Advisory)
- https://www.manageengine.com/network-monitoring/help/read-me-complete.html#12523 (Release Notes, Vendor Advisory)
FAQ
What is CVE-2020-28653?
CVE-2020-28653 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
How severe is CVE-2020-28653?
CVE-2020-28653 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-28653?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp ManageEngine OpManager.