PT-2021-11573 · Zoho · Zoho Manageengine Opmanager

Published: 2021-02-03 · Updated: 2025-10-07 · CVE-2020-28653

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine OpManager versions prior to 125203 (Stable build) and prior to 125233 (Released build)

Description: The vulnerability allows remote code execution via the Smart Update Manager (SUM) servlet. Per the CVSS vector, it is reachable over the network and requires no privileges and no user interaction.

Recommendations: Update to build 125203 or later (Stable builds) or 125233 or later (Released builds). As a temporary workaround, consider disabling the Smart Update Manager (SUM) servlet until a patch is available, and restrict access to the SUM servlet to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

CVE-2020-28653

Affected Products

Zoho Manageengine Opmanager