CVE-2021-3287
CRITICAL · EXPLOITED · NUCLEI
ManageEngine OpManager SumPDU Java Deserialization
Title source: metasploit
Description
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Exploits (1)
metasploit
WORKING POC
EXCELLENT
by Johannes Moritz, Robin Peraglie, Spencer McIntyre · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/opmanager_sumpdu_deserialization.rb
Nuclei Templates (1)
Zoho ManageEngine OpManager < 12.5.329 - Remote Code Execution
CRITICAL · VERIFIED · by theamanrawat
Shodan:
http.title:"opmanager plus" || http.title:"opmanager"
FOFA:
title="opmanager plus" || title="opmanager"
References (2)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125329
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html
Scores
CVSS v3
9.8
EPSS
0.8848
EPSS Percentile
99.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2024-01-13
CWE
CWE-502
Status
published
Products (1)
zohocorp/manageengine_opmanager
12.5 (50 CPE variants)
Published
Apr 22, 2021
Tracked Since
Feb 18, 2026