What is CVE-2020-28653?

CVE-2020-28653 is a vulnerability in N/a. Published 2021-02-03.

Is CVE-2020-28653 known to be exploited?

16 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-28653

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

EPSS: 0.931 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

tuo4n8/CVE-2020-28653
intrigueio/cve-2020-28653-poc
mr-r3bot/ManageEngine-CVE-2020-28653
rapid7/metasploit-framework
20142995/nuclei-templates
20142995/sectool
ARPSyndicate/cvemon
AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
BrittanyKuhn/javascript-tutorial
GrrrDog/Java-Deserialization-Cheat-Sheet

References

www.manageengine.com/network-monitoring/help/read-me-complete.html (x_refsource_CONFIRM)
www.manageengine.com/network-monitoring/help/read-me-complete.html (x_refsource_CONFIRM)
packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deseria… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-28653?: CVE-2020-28653 is a vulnerability in N/a. Published 2021-02-03.
Is CVE-2020-28653 known to be exploited?: 16 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.