CVE-2020-28653

Exploit

EPSS 79.17%
Published 03.02.2021 16:15:13
Last modified 21.11.2024 05:23:06
Source cve@mitre.org
Teams watchlist Login
Open Login

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

Affected products Warnungen 0 Metrics 3 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Opmanager Version < 12.5

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125000

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125002

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125100

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125101

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125102

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125108

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125110

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125111

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125112

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125113

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125114

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125116

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125117

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125118

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125120

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125121

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125123

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125124

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125125

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125136

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125137

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125139

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125140

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125143

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125144

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125145

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125156

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125157

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125158

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125159

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125161

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125163

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125174

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125175

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125176

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125177

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125178

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125180

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125181

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125192

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125193

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125194

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125195

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125196

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125197

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125198

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125201

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125204

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125212

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125213

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125214

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125215

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125216

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125228

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125229

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125230

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125231

Zohocorp ≫ Manageengine Opmanager Version12.5 Updatebuild125232

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	79.17%	0.99

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html

Third Party Advisory

Exploit

VDB Entry

https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203

Vendor Advisory

Release Notes

https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-28653

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-28653

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-28653

EUVD