critical
9.8
Advisory Published
Updated

CVE-2020-28653

First published: Wed Feb 03 2021(Updated: )

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
ManageEngine OpManager MSP<12.5
ManageEngine OpManager MSP=12.5-build125000
ManageEngine OpManager MSP=12.5-build125002
ManageEngine OpManager MSP=12.5-build125100
ManageEngine OpManager MSP=12.5-build125101
ManageEngine OpManager MSP=12.5-build125102
ManageEngine OpManager MSP=12.5-build125108
ManageEngine OpManager MSP=12.5-build125110
ManageEngine OpManager MSP=12.5-build125111
ManageEngine OpManager MSP=12.5-build125112
ManageEngine OpManager MSP=12.5-build125113
ManageEngine OpManager MSP=12.5-build125114
ManageEngine OpManager MSP=12.5-build125116
ManageEngine OpManager MSP=12.5-build125117
ManageEngine OpManager MSP=12.5-build125118
ManageEngine OpManager MSP=12.5-build125120
ManageEngine OpManager MSP=12.5-build125121
ManageEngine OpManager MSP=12.5-build125123
ManageEngine OpManager MSP=12.5-build125124
ManageEngine OpManager MSP=12.5-build125125
ManageEngine OpManager MSP=12.5-build125136
ManageEngine OpManager MSP=12.5-build125137
ManageEngine OpManager MSP=12.5-build125139
ManageEngine OpManager MSP=12.5-build125140
ManageEngine OpManager MSP=12.5-build125143
ManageEngine OpManager MSP=12.5-build125144
ManageEngine OpManager MSP=12.5-build125145
ManageEngine OpManager MSP=12.5-build125156
ManageEngine OpManager MSP=12.5-build125157
ManageEngine OpManager MSP=12.5-build125158
ManageEngine OpManager MSP=12.5-build125159
ManageEngine OpManager MSP=12.5-build125161
ManageEngine OpManager MSP=12.5-build125163
ManageEngine OpManager MSP=12.5-build125174
ManageEngine OpManager MSP=12.5-build125175
ManageEngine OpManager MSP=12.5-build125176
ManageEngine OpManager MSP=12.5-build125177
ManageEngine OpManager MSP=12.5-build125178
ManageEngine OpManager MSP=12.5-build125180
ManageEngine OpManager MSP=12.5-build125181
ManageEngine OpManager MSP=12.5-build125192
ManageEngine OpManager MSP=12.5-build125193
ManageEngine OpManager MSP=12.5-build125194
ManageEngine OpManager MSP=12.5-build125195
ManageEngine OpManager MSP=12.5-build125196
ManageEngine OpManager MSP=12.5-build125197
ManageEngine OpManager MSP=12.5-build125198
ManageEngine OpManager MSP=12.5-build125201
ManageEngine OpManager MSP=12.5-build125204
ManageEngine OpManager MSP=12.5-build125212
ManageEngine OpManager MSP=12.5-build125213
ManageEngine OpManager MSP=12.5-build125214
ManageEngine OpManager MSP=12.5-build125215
ManageEngine OpManager MSP=12.5-build125216
ManageEngine OpManager MSP=12.5-build125228
ManageEngine OpManager MSP=12.5-build125229
ManageEngine OpManager MSP=12.5-build125230
ManageEngine OpManager MSP=12.5-build125231
ManageEngine OpManager MSP=12.5-build125232

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-28653?

    CVE-2020-28653 has a critical severity rating due to its potential for Remote Code Execution.

  • How do I fix CVE-2020-28653?

    To fix CVE-2020-28653, update your Zoho ManageEngine OpManager to version 12.5 build 125203 or later.

  • Which versions of ManageEngine OpManager are affected by CVE-2020-28653?

    CVE-2020-28653 affects all ManageEngine OpManager versions prior to 12.5 build 125203.

  • Can CVE-2020-28653 be exploited remotely?

    Yes, CVE-2020-28653 can be exploited remotely through the Smart Update Manager servlet.

  • What kind of attack does CVE-2020-28653 allow?

    CVE-2020-28653 allows for Remote Code Execution attacks, enabling malicious users to execute arbitrary code on the server.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203