CVE-2021-3287
CRITICAL EXPLOITED NUCLEIManageEngine OpManager SumPDU Java Deserialization
Title source: metasploitDescription
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Nuclei Templates (1)
Zoho ManageEngine OpManager < 12.5.329 - Remote Code Execution
CRITICALVERIFIEDby theamanrawat
Shodan:
http.title:"opmanager plus" || http.title:"opmanager"
FOFA:
title="opmanager plus" || title="opmanager"
Scores
CVSS v3
9.8
EPSS
0.8571
EPSS Percentile
99.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Intel
VulnCheck KEV
2024-01-13
Classification
CWE
CWE-502
Status
published
Affected Products (50)
zohocorp/manageengine_opmanager
< 12.5
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
zohocorp/manageengine_opmanager
... and 35 more
Timeline
Published
Apr 22, 2021
Tracked Since
Feb 18, 2026