# Security Updates - CVE-2020-28653 | ManageEngine OpManager

## CVE-2020-28653

### Unauthenticated remote code execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet.

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating: 10 (High)** |
| Reported | 7th November, 2020 |
| Reported by | Johannes Mortiz, an independent Security researcher |
| Fixed | 13th November, 2020 |
| Affected Builds | → Builds 12.1.000 & above |
| Fixed in | Builds 12.5.203 / 12.5.218 |
| Overview | Unauthenticated remote code execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet. |
| Recommended Fix | **→ For builds 12.1.000 & above, please upgrade to [OpManager Version 12.5.203](https://www.manageengine.com/network-monitoring/service-packs.html?125203).**<br><br>**→ For builds 12.5.204 - 12.5.217, please upgrade to [OpManager Version 12.5.218](https://www.manageengine.com/network-monitoring/29809517/ManageEngine_OpManager_12_0_SP-5_2_1_8.ppm?CVE-28653).** |

## Description

Unauthenticated Remote Code Execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet.

We recommend that you [upgrade to OpManager Version 12.5.203](https://www.manageengine.com/network-monitoring/service-packs.html?125203) or contact our support team at [itom-upgrades@manageengine.com](mailto:itom-upgrades@manageengine.com) to fix this issue.

## Source and Acknowledgements

Find out more about CVE-2020-28653 from the [CVE dictionary](https://nvd.nist.gov/vuln/detail/CVE-2020-28653).

## Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [itom-upgrades@manageengine.com](mailto:itom-upgrades@manageengine.com).