Vendor: opManager
By: @kindredsec
CVSS: 7.5 (HIGH)
Authenticated Code Execution
CWE: 78
Product Name: opManager
Affected Version From: 12.3.150
Affected Version To: 12.3.150
Patch Exists: YES
Related CWE: N/A
CPE: a:manageengine:opmanager
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows Server 2016
2019
ManageEngine opManager Authenticated Code Execution
This exploit allows an authenticated user to execute arbitrary code on the ManageEngine opManager application. It uses the ExecuteCommandServlet servlet to run the code on the target device, so valid credentials are required to authenticate before the code can be executed.
Mitigation:
Ensure that the application is up to date and that all users have strong passwords.