CVE-2020-28653

Unauthenticated remote code execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet.

Vulnerability Details
Impact CVSS V3 rating: 10 (High)
Reported 7th November, 2020
Reported by Johannes Mortiz, an independent Security researcher
Fixed 13th November, 2020
Affected Builds → Builds 12.1.000 & above
Fixed in Builds 12.5.203 / 12.5.218
Overview Unauthenticated remote code execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet.
Recommended Fix → For builds 12.1.000 & above, please upgrade to OpManager Version 12.5.203.

→ For builds 12.5.204 - 12.5.217, please upgrade to OpManager Version 12.5.218.

 

Description

Unauthenticated Remote Code Execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet. 

We recommend that you upgrade to OpManager Version 12.5.203 or contact our support team at itom-upgrades@manageengine.com to fix this issue.

Source and Acknowledgements

Find out more about CVE-2020-28653 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at itom-upgrades@manageengine.com.

Video Zone
OpManager Customer Videos
Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  
  •  IT Admin from "Royal flying doctor service", Australia
     Jonathan ManageEngine Customer
  •  Michael - Network & Tech, ManageEngine Customer
     Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  •  David Tremont, Associate Directory of Infrastructure,USA
     Todd Haverstock Administrative Director
  •  Donald Stewart, IT Manager from Crest Industries
     John Rosser, MIS Manager - Yale Chase Equipment & Services
 Pricing  Get Quote