CVEs-PoC/2021/CVE-2021-3287.md

CVE-2021-3287

Description

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.

POC

Reference

• http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html
• http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
• https://github.com/BrittanyKuhn/javascript-tutorial
• https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet