Lucene search

K
nvd[email protected]NVD:CVE-2020-28653
HistoryFeb 03, 2021 - 4:15 p.m.

CVE-2020-28653

2021-02-0316:15:13
web.nvd.nist.gov
7
zoho opmanager
remote code execution
smart update manager.

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.637

Percentile

97.9%

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

Affected configurations

Nvd
Node
zohocorpmanageengine_opmanagerRange<12.5
OR
zohocorpmanageengine_opmanagerMatch12.5build125000
OR
zohocorpmanageengine_opmanagerMatch12.5build125002
OR
zohocorpmanageengine_opmanagerMatch12.5build125100
OR
zohocorpmanageengine_opmanagerMatch12.5build125101
OR
zohocorpmanageengine_opmanagerMatch12.5build125102
OR
zohocorpmanageengine_opmanagerMatch12.5build125108
OR
zohocorpmanageengine_opmanagerMatch12.5build125110
OR
zohocorpmanageengine_opmanagerMatch12.5build125111
OR
zohocorpmanageengine_opmanagerMatch12.5build125112
OR
zohocorpmanageengine_opmanagerMatch12.5build125113
OR
zohocorpmanageengine_opmanagerMatch12.5build125114
OR
zohocorpmanageengine_opmanagerMatch12.5build125116
OR
zohocorpmanageengine_opmanagerMatch12.5build125117
OR
zohocorpmanageengine_opmanagerMatch12.5build125118
OR
zohocorpmanageengine_opmanagerMatch12.5build125120
OR
zohocorpmanageengine_opmanagerMatch12.5build125121
OR
zohocorpmanageengine_opmanagerMatch12.5build125123
OR
zohocorpmanageengine_opmanagerMatch12.5build125124
OR
zohocorpmanageengine_opmanagerMatch12.5build125125
OR
zohocorpmanageengine_opmanagerMatch12.5build125136
OR
zohocorpmanageengine_opmanagerMatch12.5build125137
OR
zohocorpmanageengine_opmanagerMatch12.5build125139
OR
zohocorpmanageengine_opmanagerMatch12.5build125140
OR
zohocorpmanageengine_opmanagerMatch12.5build125143
OR
zohocorpmanageengine_opmanagerMatch12.5build125144
OR
zohocorpmanageengine_opmanagerMatch12.5build125145
OR
zohocorpmanageengine_opmanagerMatch12.5build125156
OR
zohocorpmanageengine_opmanagerMatch12.5build125157
OR
zohocorpmanageengine_opmanagerMatch12.5build125158
OR
zohocorpmanageengine_opmanagerMatch12.5build125159
OR
zohocorpmanageengine_opmanagerMatch12.5build125161
OR
zohocorpmanageengine_opmanagerMatch12.5build125163
OR
zohocorpmanageengine_opmanagerMatch12.5build125174
OR
zohocorpmanageengine_opmanagerMatch12.5build125175
OR
zohocorpmanageengine_opmanagerMatch12.5build125176
OR
zohocorpmanageengine_opmanagerMatch12.5build125177
OR
zohocorpmanageengine_opmanagerMatch12.5build125178
OR
zohocorpmanageengine_opmanagerMatch12.5build125180
OR
zohocorpmanageengine_opmanagerMatch12.5build125181
OR
zohocorpmanageengine_opmanagerMatch12.5build125192
OR
zohocorpmanageengine_opmanagerMatch12.5build125193
OR
zohocorpmanageengine_opmanagerMatch12.5build125194
OR
zohocorpmanageengine_opmanagerMatch12.5build125195
OR
zohocorpmanageengine_opmanagerMatch12.5build125196
OR
zohocorpmanageengine_opmanagerMatch12.5build125197
OR
zohocorpmanageengine_opmanagerMatch12.5build125198
OR
zohocorpmanageengine_opmanagerMatch12.5build125201
OR
zohocorpmanageengine_opmanagerMatch12.5build125204
OR
zohocorpmanageengine_opmanagerMatch12.5build125212
OR
zohocorpmanageengine_opmanagerMatch12.5build125213
OR
zohocorpmanageengine_opmanagerMatch12.5build125214
OR
zohocorpmanageengine_opmanagerMatch12.5build125215
OR
zohocorpmanageengine_opmanagerMatch12.5build125216
OR
zohocorpmanageengine_opmanagerMatch12.5build125228
OR
zohocorpmanageengine_opmanagerMatch12.5build125229
OR
zohocorpmanageengine_opmanagerMatch12.5build125230
OR
zohocorpmanageengine_opmanagerMatch12.5build125231
OR
zohocorpmanageengine_opmanagerMatch12.5build125232
VendorProductVersionCPE
zohocorpmanageengine_opmanager*cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
zohocorpmanageengine_opmanager12.5cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*
zohocorpmanageengine_opmanager12.5cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*
zohocorpmanageengine_opmanager12.5cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*
zohocorpmanageengine_opmanager12.5cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*
zohocorpmanageengine_opmanager12.5cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*
zohocorpmanageengine_opmanager12.5cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*
zohocorpmanageengine_opmanager12.5cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*
zohocorpmanageengine_opmanager12.5cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*
zohocorpmanageengine_opmanager12.5cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*
Rows per page:
1-10 of 591

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.637

Percentile

97.9%