Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2020-14008

🗓️ 04 Sep 2020 14:14:15Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 172 Views🌐 WEB

Zoho ManageEngine Applications Manager 14710 allows authenticated admin user to upload vulnerable jar for remote code execution

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Unrestricted Upload of File with Dangerous Type in Zohocorp Manageengine_Applications_Manager
9 May 202615:32
githubexploit
Circl		CVE-2020-14008
9 May 202621:00
circl
Check Point Advisories		Zoho ManageEngine Applications Manager Arbitrary File Upload (CVE-2020-14008)
21 Nov 202000:00
checkpoint_advisories
Cvelist		CVE-2020-14008
4 Sep 202014:14
cvelist
Exploit DB		ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)
7 Sep 202000:00
exploitdb
NVD		CVE-2020-14008
4 Sep 202015:15
nvd
OSV		CVE-2020-14008
4 Sep 202015:15
osv
Packet Storm		ManageEngine Applications Manager Authenticated Remote Code Execution
4 Sep 202000:00
packetstorm
Prion		Remote code execution
4 Sep 202015:15
prion
RedhatCVE		CVE-2020-14008
22 May 202516:19
redhatcve
Rows per page
NVD
Node
zohocorpmanageengine_applications_managerRange13.0
OR
zohocorpmanageengine_applications_managerMatch14.0-
OR
zohocorpmanageengine_applications_managerMatch14.0build14000
OR
zohocorpmanageengine_applications_managerMatch14.0build14010
OR
zohocorpmanageengine_applications_managerMatch14.0build14020
OR
zohocorpmanageengine_applications_managerMatch14.0build14030
OR
zohocorpmanageengine_applications_managerMatch14.0build14040
OR
zohocorpmanageengine_applications_managerMatch14.0build14050
OR
zohocorpmanageengine_applications_managerMatch14.0build14060
OR
zohocorpmanageengine_applications_managerMatch14.0build14070
OR
zohocorpmanageengine_applications_managerMatch14.0build14071
OR
zohocorpmanageengine_applications_managerMatch14.0build14072
OR
zohocorpmanageengine_applications_managerMatch14.0build14073
OR
zohocorpmanageengine_applications_managerMatch14.0build14080
OR
zohocorpmanageengine_applications_managerMatch14.0build14090
OR
zohocorpmanageengine_applications_managerMatch14.0build14100
OR
zohocorpmanageengine_applications_managerMatch14.0build14110
OR
zohocorpmanageengine_applications_managerMatch14.0build14120
OR
zohocorpmanageengine_applications_managerMatch14.0build14130
OR
zohocorpmanageengine_applications_managerMatch14.0build14140
OR
zohocorpmanageengine_applications_managerMatch14.0build14150
OR
zohocorpmanageengine_applications_managerMatch14.0build14160
OR
zohocorpmanageengine_applications_managerMatch14.0build14170
OR
zohocorpmanageengine_applications_managerMatch14.0build14180
OR
zohocorpmanageengine_applications_managerMatch14.0build14190
OR
zohocorpmanageengine_applications_managerMatch14.0build14200
OR
zohocorpmanageengine_applications_managerMatch14.0build14210
OR
zohocorpmanageengine_applications_managerMatch14.0build14220
OR
zohocorpmanageengine_applications_managerMatch14.0build14230
OR
zohocorpmanageengine_applications_managerMatch14.0build14240
OR
zohocorpmanageengine_applications_managerMatch14.0build14250
OR
zohocorpmanageengine_applications_managerMatch14.0build14260
OR
zohocorpmanageengine_applications_managerMatch14.0build14261
OR
zohocorpmanageengine_applications_managerMatch14.0build14262
OR
zohocorpmanageengine_applications_managerMatch14.0build14270
OR
zohocorpmanageengine_applications_managerMatch14.0build14280
OR
zohocorpmanageengine_applications_managerMatch14.0build14290
OR
zohocorpmanageengine_applications_managerMatch14.0build14300
OR
zohocorpmanageengine_applications_managerMatch14.0build14310
OR
zohocorpmanageengine_applications_managerMatch14.0build14330
OR
zohocorpmanageengine_applications_managerMatch14.0build14331
OR
zohocorpmanageengine_applications_managerMatch14.0build14332
OR
zohocorpmanageengine_applications_managerMatch14.0build14340
OR
zohocorpmanageengine_applications_managerMatch14.0build14350
OR
zohocorpmanageengine_applications_managerMatch14.0build14360
OR
zohocorpmanageengine_applications_managerMatch14.0build14361
OR
zohocorpmanageengine_applications_managerMatch14.0build14370
OR
zohocorpmanageengine_applications_managerMatch14.0build14380
OR
zohocorpmanageengine_applications_managerMatch14.0build14390
OR
zohocorpmanageengine_applications_managerMatch14.0build14400
OR
zohocorpmanageengine_applications_managerMatch14.0build14401
OR
zohocorpmanageengine_applications_managerMatch14.0build14410
OR
zohocorpmanageengine_applications_managerMatch14.0build14420
OR
zohocorpmanageengine_applications_managerMatch14.0build14430
OR
zohocorpmanageengine_applications_managerMatch14.0build14440
OR
zohocorpmanageengine_applications_managerMatch14.0build14450
OR
zohocorpmanageengine_applications_managerMatch14.0build14460
OR
zohocorpmanageengine_applications_managerMatch14.0build14470
OR
zohocorpmanageengine_applications_managerMatch14.0build14480
OR
zohocorpmanageengine_applications_managerMatch14.0build14490
OR
zohocorpmanageengine_applications_managerMatch14.0build14500
OR
zohocorpmanageengine_applications_managerMatch14.0build14510
OR
zohocorpmanageengine_applications_managerMatch14.0build14520
OR
zohocorpmanageengine_applications_managerMatch14.0build14530
OR
zohocorpmanageengine_applications_managerMatch14.0build14531
OR
zohocorpmanageengine_applications_managerMatch14.0build14532
OR
zohocorpmanageengine_applications_managerMatch14.0build14533
OR
zohocorpmanageengine_applications_managerMatch14.0build14540
OR
zohocorpmanageengine_applications_managerMatch14.0build14550
OR
zohocorpmanageengine_applications_managerMatch14.0build14560
OR
zohocorpmanageengine_applications_managerMatch14.0build14570
OR
zohocorpmanageengine_applications_managerMatch14.0build14580
OR
zohocorpmanageengine_applications_managerMatch14.0build14590
OR
zohocorpmanageengine_applications_managerMatch14.0build14600
OR
zohocorpmanageengine_applications_managerMatch14.0build14610
OR
zohocorpmanageengine_applications_managerMatch14.0build14620
OR
zohocorpmanageengine_applications_managerMatch14.0build14630
OR
zohocorpmanageengine_applications_managerMatch14.0build14660
OR
zohocorpmanageengine_applications_managerMatch14.0build14670
OR
zohocorpmanageengine_applications_managerMatch14.0build14681
OR
zohocorpmanageengine_applications_managerMatch14.0build14682
OR
zohocorpmanageengine_applications_managerMatch14.0build14683
OR
zohocorpmanageengine_applications_managerMatch14.0build14684
OR
zohocorpmanageengine_applications_managerMatch14.0build14685
OR
zohocorpmanageengine_applications_managerMatch14.0build14690
OR
zohocorpmanageengine_applications_managerMatch14.0build14700
OR
zohocorpmanageengine_applications_managerMatch14.0build14710
ParameterPositionPathDescriptionCWE
uploadDirupload dataUpload.doAuthenticated admin can upload a malicious JAR to a WebLogic-related folder via a crafted Upload.do request, enabling remote code execution.CWE-434
theFileupload dataUpload.doAuthenticated admin can upload a malicious JAR to a WebLogic-related folder via a crafted Upload.do request, enabling remote code execution.CWE-434
actionsbodyadminAction.doCreates a program execution action to move the uploaded JAR into the WebLogic directory, enabling subsequent RCE when the credential test runs.CWE-434
methodbodyadminAction.doCreates a program execution action to move the uploaded JAR into the WebLogic directory, enabling subsequent RCE when the credential test runs.CWE-434
idbodyadminAction.doCreates a program execution action to move the uploaded JAR into the WebLogic directory, enabling subsequent RCE when the credential test runs.CWE-434
displaynamebodyadminAction.doCreates a program execution action to move the uploaded JAR into the WebLogic directory, enabling subsequent RCE when the credential test runs.CWE-434
serversitebodyadminAction.doCreates a program execution action to move the uploaded JAR into the WebLogic directory, enabling subsequent RCE when the credential test runs.CWE-434
choosehostbodyadminAction.doCreates a program execution action to move the uploaded JAR into the WebLogic directory, enabling subsequent RCE when the credential test runs.CWE-434
promptbodyadminAction.doCreates a program execution action to move the uploaded JAR into the WebLogic directory, enabling subsequent RCE when the credential test runs.CWE-434
commandbodyadminAction.doCreates a program execution action to move the uploaded JAR into the WebLogic directory, enabling subsequent RCE when the credential test runs.CWE-434
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 02:54Current
7.2High risk
Vulners AI Score7.2
CVSS 26.5
CVSS 3.17.2
EPSS0.35527
CWE-434
zohomanageengineapplications managercve-2020-14008authenticated uservulnerable jarremote code execution
172