Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-28653

5 documents5 sources

Severity

9.8CRITICAL

EPSS

93.0%

top 0.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zohocorp Manageengine Opmanager

Timeline

PublishedFeb 3

Latest updateMay 24

Description

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_opmanager< 12.5+1

🔴Vulnerability Details

GHSA

GHSA-hxf4-fh6h-hq94: Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (S↗2022-05-24

▶

CVEList

CVE-2020-28653: Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (S↗2021-02-03

▶

VulnCheck

Zoho ManageEngine OpManager Smart Update Manager Servlet Remote Code Execution↗2020

▶

💥Exploits & PoCs

Nuclei

ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization

▶