Skip to content

Commit 4bccc05

Browse files
committed
Add a note about exploitable versions
1 parent fd0f565 commit 4bccc05

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

modules/exploits/multi/http/opmanager_sumpdu_deserialization.rb

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,10 @@ def initialize(info = {})
2727
commands in the context of the OpManager application (NT AUTHORITY\SYSTEM on Windows or root on Linux). This
2828
vulnerability is also present in other products that are built on top of the OpManager application. This
2929
vulnerability affects OpManager versions 12.1 - 12.5.328.
30+
31+
Automatic CVE selection only works for newer targets when the build number is present in the logon page. Due
32+
to issues with the serialized payload this module is incompatible with versions prior to 12.3.238 despite them
33+
technically being vulnerable.
3034
},
3135
'Author' => [
3236
'Johannes Moritz', # Original Vulnerability Research

0 commit comments

Comments
 (0)