|Impact||CVSS V3 rating: 10 (High)|
|Reported||7th November, 2020|
|Reported by||Johannes Mortiz, an independent Security researcher|
|Fixed||13th November, 2020|
|Affected Builds||→ Builds 12.1.000 & above|
|Fixed in||Builds 12.5.203 / 12.5.218|
|Overview||Unauthenticated remote code execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet.|
→ For builds 12.1.000 & above, please upgrade to OpUtils version 12.5.203 or above.
→ For builds 12.5.204 - 12.5.217, please upgrade to OpUtils version 12.5.128.
Unauthenticated Remote Code Execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet.
Source and Acknowledgements
Find out more about CVE-2020-28653 from the CVE dictionary.