add older path, fix typo
space-r7 committed Sep 20, 2021
1 parent 4bccc05 commit 327aefd
Showing 1 changed file with 3 additions and 3 deletions.
Expand Up @@ -13,9 +13,9 @@ This vulnerability affects OpManager versions 12.1 - 12.5.232. The vulnerability
SmartUpdateManager handler that when deserialized executes an arbitary OS command.

#### CVE-2021-3287
This vulnerability is a patch bypass for CVE-2020-28653 and affects OpManger versions 12.5.233 - 12.5.328. When the
This vulnerability is a patch bypass for CVE-2020-28653 and affects OpManager versions 12.5.233 - 12.5.328. When the
original vulnerability was patched, it was done so using a new `ITOMObjectInputStream` deserializer class. This object
has a flaw in it's validation logic. The object works by requiring the caller to specify a list of one or more object
has a flaw in its validation logic. The object works by requiring the caller to specify a list of one or more object
classes that can be deserialized. If an instance is used to perform more than one `readObject` call however, only the
first is protected because once a serialized object of an allowed type is read from the stream, the
`ITOMObjectInputStream` instance remains in a sort of authenticated state where subsequent objects can be read of any
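Review bot: the context line just above the CVE-2021-3287 heading still reads "executes an arbitary OS command", so the typo pass is incomplete. Since this commit already corrects "OpManger" and "it's" in the same section, change "arbitary" to "arbitrary" here as well. Separately, "remains in a sort of authenticated state" is loose wording for a deserialization allow-list that stops being enforced after the first `readObject` call. Consider saying directly that the class check is not applied to subsequent reads.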
Expand Down Expand Up @@ -54,7 +54,7 @@ AUTHORITY\SYSTEM.
1. Download an affected version for either Windows or Linux from the [archive][0]
1. Run the installer executable as root
1. Accept the default values for all settings (skip registration)
1. Navigate to `/opt/ManageEngine/OpManagerCentral/bin`
1. Navigate to `/opt/ManageEngine/OpManagerCentral/bin`, older versions use `/opt/ManageEngine/OpManager/bin`
1. Run `run.sh` as root

## Verification Steps
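Review bot: in the updated "Navigate to" step, "older versions" is not tied to any version number, so a reader cannot tell which of the two paths applies to the build they installed. The document already gives affected ranges (12.1 - 12.5.232 and 12.5.233 - 12.5.328), so state which range uses `/opt/ManageEngine/OpManager/bin`, or tell the reader to use whichever directory exists. The comma splice would also read better as a parenthetical, e.g. "(older versions use `/opt/ManageEngine/OpManager/bin`)". Note too that step 1 offers a Windows download while the remaining steps (root, `/opt/...`, `run.sh`) only cover Linux.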