| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 10 (High) |
| Reported | 7th November, 2020 |
| Reported by | Johannes Mortiz, an independent Security researcher |
| Fixed | 13th November, 2020 |
| Affected Builds | → Builds 12.1.000 & above |
| Fixed in | Builds 12.5.203 / 12.5.218 |
| Overview | Unauthenticated remote code execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet. |
| Recommended Fix | → For builds 12.1.000 & above, please upgrade to OpManager Version 12.5.203. → For builds 12.5.204 - 12.5.217, please upgrade to OpManager Version 12.5.218. |
Unauthenticated Remote Code Execution (RCE) vulnerability in the Smart Update Manager (SUM) servlet.
We recommend that you upgrade to OpManager Version 12.5.203 or contact our support team at itom-upgrades@manageengine.com to fix this issue.
Source and Acknowledgements
Find out more about CVE-2020-28653 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at itom-upgrades@manageengine.com.