CVE-2020-28653

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
zohocorpmanageengine_opmanager
𝑥
< 12.5
zohocorpmanageengine_opmanager
12.5:build125000
zohocorpmanageengine_opmanager
12.5:build125002
zohocorpmanageengine_opmanager
12.5:build125100
zohocorpmanageengine_opmanager
12.5:build125101
zohocorpmanageengine_opmanager
12.5:build125102
zohocorpmanageengine_opmanager
12.5:build125108
zohocorpmanageengine_opmanager
12.5:build125110
zohocorpmanageengine_opmanager
12.5:build125111
zohocorpmanageengine_opmanager
12.5:build125112
zohocorpmanageengine_opmanager
12.5:build125113
zohocorpmanageengine_opmanager
12.5:build125114
zohocorpmanageengine_opmanager
12.5:build125116
zohocorpmanageengine_opmanager
12.5:build125117
zohocorpmanageengine_opmanager
12.5:build125118
zohocorpmanageengine_opmanager
12.5:build125120
zohocorpmanageengine_opmanager
12.5:build125121
zohocorpmanageengine_opmanager
12.5:build125123
zohocorpmanageengine_opmanager
12.5:build125124
zohocorpmanageengine_opmanager
12.5:build125125
zohocorpmanageengine_opmanager
12.5:build125136
zohocorpmanageengine_opmanager
12.5:build125137
zohocorpmanageengine_opmanager
12.5:build125139
zohocorpmanageengine_opmanager
12.5:build125140
zohocorpmanageengine_opmanager
12.5:build125143
zohocorpmanageengine_opmanager
12.5:build125144
zohocorpmanageengine_opmanager
12.5:build125145
zohocorpmanageengine_opmanager
12.5:build125156
zohocorpmanageengine_opmanager
12.5:build125157
zohocorpmanageengine_opmanager
12.5:build125158
zohocorpmanageengine_opmanager
12.5:build125159
zohocorpmanageengine_opmanager
12.5:build125161
zohocorpmanageengine_opmanager
12.5:build125163
zohocorpmanageengine_opmanager
12.5:build125174
zohocorpmanageengine_opmanager
12.5:build125175
zohocorpmanageengine_opmanager
12.5:build125176
zohocorpmanageengine_opmanager
12.5:build125177
zohocorpmanageengine_opmanager
12.5:build125178
zohocorpmanageengine_opmanager
12.5:build125180
zohocorpmanageengine_opmanager
12.5:build125181
zohocorpmanageengine_opmanager
12.5:build125192
zohocorpmanageengine_opmanager
12.5:build125193
zohocorpmanageengine_opmanager
12.5:build125194
zohocorpmanageengine_opmanager
12.5:build125195
zohocorpmanageengine_opmanager
12.5:build125196
zohocorpmanageengine_opmanager
12.5:build125197
zohocorpmanageengine_opmanager
12.5:build125198
zohocorpmanageengine_opmanager
12.5:build125201
zohocorpmanageengine_opmanager
12.5:build125204
zohocorpmanageengine_opmanager
12.5:build125212
zohocorpmanageengine_opmanager
12.5:build125213
zohocorpmanageengine_opmanager
12.5:build125214
zohocorpmanageengine_opmanager
12.5:build125215
zohocorpmanageengine_opmanager
12.5:build125216
zohocorpmanageengine_opmanager
12.5:build125228
zohocorpmanageengine_opmanager
12.5:build125229
zohocorpmanageengine_opmanager
12.5:build125230
zohocorpmanageengine_opmanager
12.5:build125231
zohocorpmanageengine_opmanager
12.5:build125232
𝑥
= Vulnerable software versions