The OpManager running on the remote host is affected by an unauthenticated remote code execution vulnerability in the Smart Update Manager (SUM) servlet.
This plugin attempts to detect the issue by sending a serialized Java object to OpManager and looking for a TCP connection initiated from the remote host to the Nessus scanner. In some environments, the TCP SYN packet may not reach the scanner due to network controls. In this case, the plugin may not detect the issue.
Binary data manageengine_opmanager_cve-2020-28653.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
zohocorp | manageengine_opmanager | cpe:/a:zohocorp:manageengine_opmanager |