CVE-2021-3287

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
zohocorpmanageengine_opmanager
𝑥
< 12.5
zohocorpmanageengine_opmanager
12.5
zohocorpmanageengine_opmanager
12.5:build125000
zohocorpmanageengine_opmanager
12.5:build125002
zohocorpmanageengine_opmanager
12.5:build125100
zohocorpmanageengine_opmanager
12.5:build125101
zohocorpmanageengine_opmanager
12.5:build125102
zohocorpmanageengine_opmanager
12.5:build125108
zohocorpmanageengine_opmanager
12.5:build125110
zohocorpmanageengine_opmanager
12.5:build125111
zohocorpmanageengine_opmanager
12.5:build125112
zohocorpmanageengine_opmanager
12.5:build125113
zohocorpmanageengine_opmanager
12.5:build125114
zohocorpmanageengine_opmanager
12.5:build125116
zohocorpmanageengine_opmanager
12.5:build125117
zohocorpmanageengine_opmanager
12.5:build125118
zohocorpmanageengine_opmanager
12.5:build125120
zohocorpmanageengine_opmanager
12.5:build125121
zohocorpmanageengine_opmanager
12.5:build125123
zohocorpmanageengine_opmanager
12.5:build125124
zohocorpmanageengine_opmanager
12.5:build125125
zohocorpmanageengine_opmanager
12.5:build125136
zohocorpmanageengine_opmanager
12.5:build125137
zohocorpmanageengine_opmanager
12.5:build125139
zohocorpmanageengine_opmanager
12.5:build125140
zohocorpmanageengine_opmanager
12.5:build125143
zohocorpmanageengine_opmanager
12.5:build125144
zohocorpmanageengine_opmanager
12.5:build125145
zohocorpmanageengine_opmanager
12.5:build125156
zohocorpmanageengine_opmanager
12.5:build125157
zohocorpmanageengine_opmanager
12.5:build125158
zohocorpmanageengine_opmanager
12.5:build125159
zohocorpmanageengine_opmanager
12.5:build125161
zohocorpmanageengine_opmanager
12.5:build125163
zohocorpmanageengine_opmanager
12.5:build125174
zohocorpmanageengine_opmanager
12.5:build125175
zohocorpmanageengine_opmanager
12.5:build125176
zohocorpmanageengine_opmanager
12.5:build125177
zohocorpmanageengine_opmanager
12.5:build125178
zohocorpmanageengine_opmanager
12.5:build125180
zohocorpmanageengine_opmanager
12.5:build125181
zohocorpmanageengine_opmanager
12.5:build125192
zohocorpmanageengine_opmanager
12.5:build125193
zohocorpmanageengine_opmanager
12.5:build125194
zohocorpmanageengine_opmanager
12.5:build125195
zohocorpmanageengine_opmanager
12.5:build125196
zohocorpmanageengine_opmanager
12.5:build125197
zohocorpmanageengine_opmanager
12.5:build125198
zohocorpmanageengine_opmanager
12.5:build125201
zohocorpmanageengine_opmanager
12.5:build125204
zohocorpmanageengine_opmanager
12.5:build125212
zohocorpmanageengine_opmanager
12.5:build125213
zohocorpmanageengine_opmanager
12.5:build125214
zohocorpmanageengine_opmanager
12.5:build125215
zohocorpmanageengine_opmanager
12.5:build125216
zohocorpmanageengine_opmanager
12.5:build125228
zohocorpmanageengine_opmanager
12.5:build125229
zohocorpmanageengine_opmanager
12.5:build125230
zohocorpmanageengine_opmanager
12.5:build125231
zohocorpmanageengine_opmanager
12.5:build125232
zohocorpmanageengine_opmanager
12.5:build125233
zohocorpmanageengine_opmanager
12.5:build125312
zohocorpmanageengine_opmanager
12.5:build125323
zohocorpmanageengine_opmanager
12.5:build125324
zohocorpmanageengine_opmanager
12.5:build125326
zohocorpmanageengine_opmanager
12.5:build125328
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125329
http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125329