Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html | Exploit Third Party Advisory VDB Entry |
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125329 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Apr 2022, 18:13
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html - Exploit, Third Party Advisory, VDB Entry |
22 Sep 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2021, 13:13
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125329 - Release Notes, Vendor Advisory | |
CPE | cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125328:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125326:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:-:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125233:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125312:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125323:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125324:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:* |
|
CWE | CWE-502 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
22 Apr 2021, 16:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-22 13:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-3287
Mitre link : CVE-2021-3287
CVE.ORG link : CVE-2021-3287
JSON object : View
Products Affected
zohocorp
- manageengine_opmanager
CWE
CWE-502
Deserialization of Untrusted Data