File tree Expand file tree Collapse file tree
documentation/modules/exploit/multi/http Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -13,9 +13,9 @@ This vulnerability affects OpManager versions 12.1 - 12.5.232. The vulnerability
1313SmartUpdateManager handler that when deserialized executes an arbitary OS command.
1414
1515#### CVE-2021 -3287
16- This vulnerability is a patch bypass for CVE-2020 -28653 and affects OpManger versions 12.5.233 - 12.5.328. When the
16+ This vulnerability is a patch bypass for CVE-2020 -28653 and affects OpManager versions 12.5.233 - 12.5.328. When the
1717original vulnerability was patched, it was done so using a new ` ITOMObjectInputStream ` deserializer class. This object
18- has a flaw in it's validation logic. The object works by requiring the caller to specify a list of one or more object
18+ has a flaw in its validation logic. The object works by requiring the caller to specify a list of one or more object
1919classes that can be deserialized. If an instance is used to perform more than one ` readObject ` call however, only the
2020first is protected because once a serialized object of an allowed type is read from the stream, the
2121` ITOMObjectInputStream ` instance remains in a sort of authenticated state where subsequent objects can be read of any
@@ -54,7 +54,7 @@ AUTHORITY\SYSTEM.
54541 . Download an affected version for either Windows or Linux from the [ archive] [ 0 ]
55551 . Run the installer executable as root
56561 . Accept the default values for all settings (skip registration)
57- 1 . Navigate to ` /opt/ManageEngine/OpManagerCentral/bin `
57+ 1 . Navigate to ` /opt/ManageEngine/OpManagerCentral/bin ` , older versions use ` /opt/ManageEngine/OpManager/bin `
58581 . Run ` run.sh ` as root
5959
6060## Verification Steps
You can’t perform that action at this time.
0 commit comments