← back
CVE-2020-28653

CVE-2020-28653

EPSS 78.7%◆ VulnCheck KEV
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 78.7%KEV nãoPoC públicaNuclei simMetasploit simPatch
Lifecycle
03 Feb 2021Published on NVD
26 Jul 2021Metasploit module available
31 Jul 2021Public PoC
Weaponization speed
177 daysto first PoC
172 daysto Metasploit module
Recommendation: Patch as soon as possible — active exploitation confirmed.
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.