cvelistv5 - CVE-2020-28653

CVE-2020-28653 (GCVE-0-2020-28653)

Vulnerability from cvelistv5 – Published: 2021-02-03 16:00 – Updated: 2024-08-04 16:40

Summary

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.manageengine.com/network-monitoring/h…	x_refsource_CONFIRM
	https://www.manageengine.com/network-monitoring/h…	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/164231/Manag…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.809Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-21T23:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28653",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233"
            },
            {
              "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203"
            },
            {
              "name": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28653",
    "datePublished": "2021-02-03T16:00:18",
    "dateReserved": "2020-11-16T00:00:00",
    "dateUpdated": "2024-08-04T16:40:59.809Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.5\", \"matchCriteriaId\": \"0026FC79-6554-4B68-89EB-D7A8422C7406\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*\", \"matchCriteriaId\": \"94F878CC-E691-41E9-A90D-72EA25038963\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D1EA156-BD95-4AAA-B688-0CD62CCDB60A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*\", \"matchCriteriaId\": \"8033E51C-D261-4A12-96CD-AE1F13BFD2AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EE1E1E6-ED1C-443A-A576-AD47D65082B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E283214-CE6A-4CD6-9E9B-7BF09C37447D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FF84A5E-C43B-4637-B725-1087D2057EED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*\", \"matchCriteriaId\": \"25AEF257-E1C1-4DFD-9EC0-9B2AC3920CCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*\", \"matchCriteriaId\": \"46E32091-F91D-4706-A4F9-DC658CF36A6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC7D1106-6708-4A84-A077-286376C72AB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*\", \"matchCriteriaId\": \"071B3368-D7C2-4EE1-808F-1F4A3C3A4756\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E9D5882-91D6-4E9D-AD8B-F3861D987826\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*\", \"matchCriteriaId\": \"17931D40-369C-430F-B5ED-FAF69FAA0E3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*\", \"matchCriteriaId\": \"02B4D022-BC43-4041-BA2B-60A6D42AD150\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*\", \"matchCriteriaId\": \"15FFD3F7-CB9F-4FB1-9F2C-CFDAE7E46FF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*\", \"matchCriteriaId\": \"5ED17849-BC14-4996-9DF9-7645B1E17374\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*\", \"matchCriteriaId\": \"D91F6CC5-EDBE-420F-8871-03B8D10254B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*\", \"matchCriteriaId\": \"E82C682C-9F61-45B7-B934-8D6DDBA792AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FC7728B-9FFC-4A8F-BE24-926B8C2823AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*\", \"matchCriteriaId\": \"78BE6CCE-706E-436B-A6E6-26E7D044B209\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BD54A67-C531-4642-90D4-C6E402D55AC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DF164BD-EF39-42E2-807D-F298D68A8D3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D85766D-1BAC-4477-96D6-EA989D392128\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE99520F-C8F3-46EA-9BBA-AAE2AB4AB8CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*\", \"matchCriteriaId\": \"16D8A8F6-8BC3-438D-BF8B-9E2B46ECBF36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3D18E27-EE06-4555-A675-1BAC7D3DD8E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FEFDFF7-5538-4C53-922A-A5E71A0D643E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*\", \"matchCriteriaId\": \"02463016-7156-470F-8535-EF4C7E150546\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DEB616C-2DDC-4138-B6FC-8B2680D35485\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*\", \"matchCriteriaId\": \"D51E7B22-9293-4086-B143-2D279597A5CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB4D8585-6109-45C0-94B4-667D11F0509F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*\", \"matchCriteriaId\": \"97CB62BA-09FA-446D-A8CF-958980B67F13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*\", \"matchCriteriaId\": \"F871111C-4B61-4C50-ABDA-78D8D988DCD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*\", \"matchCriteriaId\": \"9950CFB9-FCDE-4696-97AF-251467270375\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*\", \"matchCriteriaId\": \"B674CFD8-6AE7-420A-BD7A-DD7A068CA5D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*\", \"matchCriteriaId\": \"56BCA911-733C-4F8C-B3CD-22F3E6CA1F38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1281E75-AC6D-4077-9207-7CA7E5BCB1CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC052CBA-2B37-4E84-978D-36185EE1A3A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*\", \"matchCriteriaId\": \"72CC7428-8DD0-45DB-8D80-C02CD9B6CB65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C1691B0-FA38-4A29-8D49-D99A675C122A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*\", \"matchCriteriaId\": \"194ACE61-101D-40C3-9377-12039533AB45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*\", \"matchCriteriaId\": \"86428D44-03BC-4528-ADB5-3AC05231759D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*\", \"matchCriteriaId\": \"B694D0FC-320A-44F9-9FFB-0706CDD3004C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE298317-10EE-4A34-B4D0-8D03B727A75B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0A1B243-163D-461B-BEAB-81E6E2DB36EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E86C3A0-700E-4CB2-AFDC-F203C61D413C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*\", \"matchCriteriaId\": \"A550184D-13BD-4F2A-9DE5-AC66B496FFC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*\", \"matchCriteriaId\": \"538BCF38-69B6-4686-B1F1-82B10175CCBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*\", \"matchCriteriaId\": \"F29A6AE3-B864-4552-9BE9-074CB6935B07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CD2AB8D-F638-48E0-A5D6-1E969F9998B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*\", \"matchCriteriaId\": \"76528168-A54D-4398-B558-6DC27ACCBFBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C1DCA3B-41B8-402B-B5E8-2C3494C36B77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*\", \"matchCriteriaId\": \"531A9E5C-9C45-4982-8ADE-5B41CE5F5B48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA70F031-A7EF-49F5-A1F6-C3DD33198D86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DF093BF-830B-4C9A-A4B2-41C7811E4EFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB64E7D3-D835-4F46-BD81-6B59CF7EB9F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2176672-0E34-4B46-9202-483F1D315836\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBD2726E-4AAA-4E7D-A8E7-89DB875E7E6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*\", \"matchCriteriaId\": \"94AF723B-F1B7-44A8-B654-7C10881A6AF8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.\"}, {\"lang\": \"es\", \"value\": \"Zoho ManageEngine OpManager Stable build anterior a 125203 (y compilaci\\u00f3n Publicada anterior a 125233) permite una ejecuci\\u00f3n de c\\u00f3digo remota por medio del servlet Smart Update Manager (SUM)\"}]",
      "id": "CVE-2020-28653",
      "lastModified": "2024-11-21T05:23:06.663",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-02-03T16:15:13.557",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-28653\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-02-03T16:15:13.557\",\"lastModified\":\"2024-11-21T05:23:06.663\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.\"},{\"lang\":\"es\",\"value\":\"Zoho ManageEngine OpManager Stable build anterior a 125203 (y compilaci\u00f3n Publicada anterior a 125233) permite una ejecuci\u00f3n de c\u00f3digo remota por medio del servlet Smart Update Manager (SUM)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.5\",\"matchCriteriaId\":\"0026FC79-6554-4B68-89EB-D7A8422C7406\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*\",\"matchCriteriaId\":\"94F878CC-E691-41E9-A90D-72EA25038963\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D1EA156-BD95-4AAA-B688-0CD62CCDB60A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*\",\"matchCriteriaId\":\"8033E51C-D261-4A12-96CD-AE1F13BFD2AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EE1E1E6-ED1C-443A-A576-AD47D65082B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E283214-CE6A-4CD6-9E9B-7BF09C37447D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FF84A5E-C43B-4637-B725-1087D2057EED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*\",\"matchCriteriaId\":\"25AEF257-E1C1-4DFD-9EC0-9B2AC3920CCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E32091-F91D-4706-A4F9-DC658CF36A6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC7D1106-6708-4A84-A077-286376C72AB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*\",\"matchCriteriaId\":\"071B3368-D7C2-4EE1-808F-1F4A3C3A4756\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E9D5882-91D6-4E9D-AD8B-F3861D987826\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*\",\"matchCriteriaId\":\"17931D40-369C-430F-B5ED-FAF69FAA0E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*\",\"matchCriteriaId\":\"02B4D022-BC43-4041-BA2B-60A6D42AD150\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*\",\"matchCriteriaId\":\"15FFD3F7-CB9F-4FB1-9F2C-CFDAE7E46FF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ED17849-BC14-4996-9DF9-7645B1E17374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*\",\"matchCriteriaId\":\"D91F6CC5-EDBE-420F-8871-03B8D10254B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82C682C-9F61-45B7-B934-8D6DDBA792AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC7728B-9FFC-4A8F-BE24-926B8C2823AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*\",\"matchCriteriaId\":\"78BE6CCE-706E-436B-A6E6-26E7D044B209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BD54A67-C531-4642-90D4-C6E402D55AC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DF164BD-EF39-42E2-807D-F298D68A8D3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D85766D-1BAC-4477-96D6-EA989D392128\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE99520F-C8F3-46EA-9BBA-AAE2AB4AB8CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*\",\"matchCriteriaId\":\"16D8A8F6-8BC3-438D-BF8B-9E2B46ECBF36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D18E27-EE06-4555-A675-1BAC7D3DD8E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEFDFF7-5538-4C53-922A-A5E71A0D643E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*\",\"matchCriteriaId\":\"02463016-7156-470F-8535-EF4C7E150546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DEB616C-2DDC-4138-B6FC-8B2680D35485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*\",\"matchCriteriaId\":\"D51E7B22-9293-4086-B143-2D279597A5CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB4D8585-6109-45C0-94B4-667D11F0509F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*\",\"matchCriteriaId\":\"97CB62BA-09FA-446D-A8CF-958980B67F13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*\",\"matchCriteriaId\":\"F871111C-4B61-4C50-ABDA-78D8D988DCD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*\",\"matchCriteriaId\":\"9950CFB9-FCDE-4696-97AF-251467270375\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*\",\"matchCriteriaId\":\"B674CFD8-6AE7-420A-BD7A-DD7A068CA5D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BCA911-733C-4F8C-B3CD-22F3E6CA1F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1281E75-AC6D-4077-9207-7CA7E5BCB1CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC052CBA-2B37-4E84-978D-36185EE1A3A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*\",\"matchCriteriaId\":\"72CC7428-8DD0-45DB-8D80-C02CD9B6CB65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C1691B0-FA38-4A29-8D49-D99A675C122A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*\",\"matchCriteriaId\":\"194ACE61-101D-40C3-9377-12039533AB45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*\",\"matchCriteriaId\":\"86428D44-03BC-4528-ADB5-3AC05231759D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*\",\"matchCriteriaId\":\"B694D0FC-320A-44F9-9FFB-0706CDD3004C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE298317-10EE-4A34-B4D0-8D03B727A75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0A1B243-163D-461B-BEAB-81E6E2DB36EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E86C3A0-700E-4CB2-AFDC-F203C61D413C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*\",\"matchCriteriaId\":\"A550184D-13BD-4F2A-9DE5-AC66B496FFC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*\",\"matchCriteriaId\":\"538BCF38-69B6-4686-B1F1-82B10175CCBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*\",\"matchCriteriaId\":\"F29A6AE3-B864-4552-9BE9-074CB6935B07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CD2AB8D-F638-48E0-A5D6-1E969F9998B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*\",\"matchCriteriaId\":\"76528168-A54D-4398-B558-6DC27ACCBFBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C1DCA3B-41B8-402B-B5E8-2C3494C36B77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*\",\"matchCriteriaId\":\"531A9E5C-9C45-4982-8ADE-5B41CE5F5B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA70F031-A7EF-49F5-A1F6-C3DD33198D86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DF093BF-830B-4C9A-A4B2-41C7811E4EFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB64E7D3-D835-4F46-BD81-6B59CF7EB9F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2176672-0E34-4B46-9202-483F1D315836\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBD2726E-4AAA-4E7D-A8E7-89DB875E7E6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*\",\"matchCriteriaId\":\"94AF723B-F1B7-44A8-B654-7C10881A6AF8\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2021-73653

Vulnerability from cnvd - Published: 2021-09-26

Title

ZOHO ManageEngine OpManager远程代码执行漏洞

Description

ZOHO ManageEngine OpManager是美国卓豪（ZOHO）公司的一套网络、服务器及虚拟化监控软件。 Zoho ManageEngine OpManager Stable build before 125203存在安全漏洞，攻击者可利用该漏洞通过智能更新管理器(SUM) servlet远程执行代码。

Severity

高

Patch Name

ZOHO ManageEngine OpManager远程代码执行漏洞的补丁

Patch Description

ZOHO ManageEngine OpManager是美国卓豪（ZOHO）公司的一套网络、服务器及虚拟化监控软件。 Zoho ManageEngine OpManager Stable build before 125203存在安全漏洞，攻击者可利用该漏洞通过智能更新管理器(SUM) servlet远程执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-28653

Impacted products

Name
ZOHO ManageEngine OpManager <125203

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-28653",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-28653"
    }
  },
  "description": "ZOHO ManageEngine OpManager\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u7f51\u7edc\u3001\u670d\u52a1\u5668\u53ca\u865a\u62df\u5316\u76d1\u63a7\u8f6f\u4ef6\u3002\n\nZoho ManageEngine OpManager Stable build before 125203\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u667a\u80fd\u66f4\u65b0\u7ba1\u7406\u5668(SUM) servlet\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-73653",
  "openTime": "2021-09-26",
  "patchDescription": "ZOHO ManageEngine OpManager\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u7f51\u7edc\u3001\u670d\u52a1\u5668\u53ca\u865a\u62df\u5316\u76d1\u63a7\u8f6f\u4ef6\u3002\r\n\r\nZoho ManageEngine OpManager Stable build before 125203\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u667a\u80fd\u66f4\u65b0\u7ba1\u7406\u5668(SUM) servlet\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZOHO ManageEngine OpManager\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ZOHO ManageEngine OpManager \u003c125203"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-28653",
  "serverity": "\u9ad8",
  "submitTime": "2021-02-05",
  "title": "ZOHO ManageEngine OpManager\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

GSD-2020-28653

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

Aliases

CVE-2020-28653

Aliases

CVE-2020-28653

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-28653",
    "description": "Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.",
    "id": "GSD-2020-28653",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2020-28653"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-28653"
      ],
      "details": "Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.",
      "id": "GSD-2020-28653",
      "modified": "2023-12-13T01:22:01.746964Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-28653",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233",
            "refsource": "CONFIRM",
            "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233"
          },
          {
            "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203",
            "refsource": "CONFIRM",
            "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203"
          },
          {
            "name": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28653"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203"
            },
            {
              "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233"
            },
            {
              "name": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-04-18T15:23Z",
      "publishedDate": "2021-02-03T16:15Z"
    }
  }
}

GHSA-HXF4-FH6H-HQ94

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40

Details

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-28653"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-03T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.",
  "id": "GHSA-hxf4-fh6h-hq94",
  "modified": "2022-05-24T17:40:47Z",
  "published": "2022-05-24T17:40:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28653"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2020-28653

Vulnerability from fkie_nvd - Published: 2021-02-03 16:15 - Updated: 2024-11-21 05:23

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203	Release Notes, Vendor Advisory
cve@mitre.org	https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
zohocorp	manageengine_opmanager	*
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5
zohocorp	manageengine_opmanager	12.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0026FC79-6554-4B68-89EB-D7A8422C7406",
              "versionEndExcluding": "12.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*",
              "matchCriteriaId": "94F878CC-E691-41E9-A90D-72EA25038963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*",
              "matchCriteriaId": "6D1EA156-BD95-4AAA-B688-0CD62CCDB60A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*",
              "matchCriteriaId": "8033E51C-D261-4A12-96CD-AE1F13BFD2AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*",
              "matchCriteriaId": "9EE1E1E6-ED1C-443A-A576-AD47D65082B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*",
              "matchCriteriaId": "3E283214-CE6A-4CD6-9E9B-7BF09C37447D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*",
              "matchCriteriaId": "8FF84A5E-C43B-4637-B725-1087D2057EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*",
              "matchCriteriaId": "25AEF257-E1C1-4DFD-9EC0-9B2AC3920CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*",
              "matchCriteriaId": "46E32091-F91D-4706-A4F9-DC658CF36A6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*",
              "matchCriteriaId": "AC7D1106-6708-4A84-A077-286376C72AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*",
              "matchCriteriaId": "071B3368-D7C2-4EE1-808F-1F4A3C3A4756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*",
              "matchCriteriaId": "4E9D5882-91D6-4E9D-AD8B-F3861D987826",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*",
              "matchCriteriaId": "17931D40-369C-430F-B5ED-FAF69FAA0E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*",
              "matchCriteriaId": "02B4D022-BC43-4041-BA2B-60A6D42AD150",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*",
              "matchCriteriaId": "15FFD3F7-CB9F-4FB1-9F2C-CFDAE7E46FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*",
              "matchCriteriaId": "5ED17849-BC14-4996-9DF9-7645B1E17374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*",
              "matchCriteriaId": "D91F6CC5-EDBE-420F-8871-03B8D10254B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*",
              "matchCriteriaId": "E82C682C-9F61-45B7-B934-8D6DDBA792AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*",
              "matchCriteriaId": "2FC7728B-9FFC-4A8F-BE24-926B8C2823AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*",
              "matchCriteriaId": "78BE6CCE-706E-436B-A6E6-26E7D044B209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*",
              "matchCriteriaId": "8BD54A67-C531-4642-90D4-C6E402D55AC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*",
              "matchCriteriaId": "9DF164BD-EF39-42E2-807D-F298D68A8D3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*",
              "matchCriteriaId": "5D85766D-1BAC-4477-96D6-EA989D392128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*",
              "matchCriteriaId": "CE99520F-C8F3-46EA-9BBA-AAE2AB4AB8CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*",
              "matchCriteriaId": "16D8A8F6-8BC3-438D-BF8B-9E2B46ECBF36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*",
              "matchCriteriaId": "F3D18E27-EE06-4555-A675-1BAC7D3DD8E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*",
              "matchCriteriaId": "0FEFDFF7-5538-4C53-922A-A5E71A0D643E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*",
              "matchCriteriaId": "02463016-7156-470F-8535-EF4C7E150546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*",
              "matchCriteriaId": "8DEB616C-2DDC-4138-B6FC-8B2680D35485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*",
              "matchCriteriaId": "D51E7B22-9293-4086-B143-2D279597A5CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*",
              "matchCriteriaId": "BB4D8585-6109-45C0-94B4-667D11F0509F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*",
              "matchCriteriaId": "97CB62BA-09FA-446D-A8CF-958980B67F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*",
              "matchCriteriaId": "F871111C-4B61-4C50-ABDA-78D8D988DCD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*",
              "matchCriteriaId": "9950CFB9-FCDE-4696-97AF-251467270375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*",
              "matchCriteriaId": "B674CFD8-6AE7-420A-BD7A-DD7A068CA5D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*",
              "matchCriteriaId": "56BCA911-733C-4F8C-B3CD-22F3E6CA1F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*",
              "matchCriteriaId": "A1281E75-AC6D-4077-9207-7CA7E5BCB1CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*",
              "matchCriteriaId": "CC052CBA-2B37-4E84-978D-36185EE1A3A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*",
              "matchCriteriaId": "72CC7428-8DD0-45DB-8D80-C02CD9B6CB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*",
              "matchCriteriaId": "0C1691B0-FA38-4A29-8D49-D99A675C122A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*",
              "matchCriteriaId": "194ACE61-101D-40C3-9377-12039533AB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*",
              "matchCriteriaId": "86428D44-03BC-4528-ADB5-3AC05231759D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*",
              "matchCriteriaId": "B694D0FC-320A-44F9-9FFB-0706CDD3004C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*",
              "matchCriteriaId": "BE298317-10EE-4A34-B4D0-8D03B727A75B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*",
              "matchCriteriaId": "B0A1B243-163D-461B-BEAB-81E6E2DB36EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*",
              "matchCriteriaId": "5E86C3A0-700E-4CB2-AFDC-F203C61D413C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*",
              "matchCriteriaId": "A550184D-13BD-4F2A-9DE5-AC66B496FFC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*",
              "matchCriteriaId": "538BCF38-69B6-4686-B1F1-82B10175CCBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*",
              "matchCriteriaId": "F29A6AE3-B864-4552-9BE9-074CB6935B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*",
              "matchCriteriaId": "7CD2AB8D-F638-48E0-A5D6-1E969F9998B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*",
              "matchCriteriaId": "76528168-A54D-4398-B558-6DC27ACCBFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*",
              "matchCriteriaId": "6C1DCA3B-41B8-402B-B5E8-2C3494C36B77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*",
              "matchCriteriaId": "531A9E5C-9C45-4982-8ADE-5B41CE5F5B48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*",
              "matchCriteriaId": "FA70F031-A7EF-49F5-A1F6-C3DD33198D86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*",
              "matchCriteriaId": "5DF093BF-830B-4C9A-A4B2-41C7811E4EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*",
              "matchCriteriaId": "AB64E7D3-D835-4F46-BD81-6B59CF7EB9F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*",
              "matchCriteriaId": "A2176672-0E34-4B46-9202-483F1D315836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*",
              "matchCriteriaId": "FBD2726E-4AAA-4E7D-A8E7-89DB875E7E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*",
              "matchCriteriaId": "94AF723B-F1B7-44A8-B654-7C10881A6AF8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine OpManager Stable build anterior a 125203 (y compilaci\u00f3n Publicada anterior a 125233) permite una ejecuci\u00f3n de c\u00f3digo remota por medio del servlet Smart Update Manager (SUM)"
    }
  ],
  "id": "CVE-2020-28653",
  "lastModified": "2024-11-21T05:23:06.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-03T16:15:13.557",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125233"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-28653 (GCVE-0-2020-28653)

CNVD-2021-73653

GSD-2020-28653

GHSA-HXF4-FH6H-HQ94

FKIE_CVE-2020-28653

Tags

Sightings

Nomenclature