Lucene search

[email protected]CVE-2020-15394

HistorySep 25, 2020 - 7:15 a.m.

CVE-2020-15394

2020-09-2507:15:11

CWE-89

[email protected]

web.nvd.nist.gov

cve-2020-15394

zoho

manageengine

applications manager

sql injection

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.

Affected configurations

NVD

Node

zohocorpmanageengine_applications_managerRange<14.0

zohocorpmanageengine_applications_managerMatch14.0-

zohocorpmanageengine_applications_managerMatch14.0build14000

zohocorpmanageengine_applications_managerMatch14.0build14010

zohocorpmanageengine_applications_managerMatch14.0build14020

zohocorpmanageengine_applications_managerMatch14.0build14030

zohocorpmanageengine_applications_managerMatch14.0build14040

zohocorpmanageengine_applications_managerMatch14.0build14050

zohocorpmanageengine_applications_managerMatch14.0build14060

zohocorpmanageengine_applications_managerMatch14.0build14070

zohocorpmanageengine_applications_managerMatch14.0build14071

zohocorpmanageengine_applications_managerMatch14.0build14072

zohocorpmanageengine_applications_managerMatch14.0build14073

zohocorpmanageengine_applications_managerMatch14.0build14080

zohocorpmanageengine_applications_managerMatch14.0build14090

zohocorpmanageengine_applications_managerMatch14.0build14100

zohocorpmanageengine_applications_managerMatch14.0build14110

zohocorpmanageengine_applications_managerMatch14.0build14120

zohocorpmanageengine_applications_managerMatch14.0build14130

zohocorpmanageengine_applications_managerMatch14.0build14140

zohocorpmanageengine_applications_managerMatch14.0build14150

zohocorpmanageengine_applications_managerMatch14.0build14160

zohocorpmanageengine_applications_managerMatch14.0build14170

zohocorpmanageengine_applications_managerMatch14.0build14180

zohocorpmanageengine_applications_managerMatch14.0build14190

zohocorpmanageengine_applications_managerMatch14.0build14200

zohocorpmanageengine_applications_managerMatch14.0build14210

zohocorpmanageengine_applications_managerMatch14.0build14220

zohocorpmanageengine_applications_managerMatch14.0build14230

zohocorpmanageengine_applications_managerMatch14.0build14240

zohocorpmanageengine_applications_managerMatch14.0build14250

zohocorpmanageengine_applications_managerMatch14.0build14260

zohocorpmanageengine_applications_managerMatch14.0build14261

zohocorpmanageengine_applications_managerMatch14.0build14262

zohocorpmanageengine_applications_managerMatch14.0build14270

zohocorpmanageengine_applications_managerMatch14.0build14280

zohocorpmanageengine_applications_managerMatch14.0build14290

zohocorpmanageengine_applications_managerMatch14.0build14300

zohocorpmanageengine_applications_managerMatch14.0build14310

zohocorpmanageengine_applications_managerMatch14.0build14330

zohocorpmanageengine_applications_managerMatch14.0build14331

zohocorpmanageengine_applications_managerMatch14.0build14332

zohocorpmanageengine_applications_managerMatch14.0build14340

zohocorpmanageengine_applications_managerMatch14.0build14350

zohocorpmanageengine_applications_managerMatch14.0build14360

zohocorpmanageengine_applications_managerMatch14.0build14361

zohocorpmanageengine_applications_managerMatch14.0build14370

zohocorpmanageengine_applications_managerMatch14.0build14380

zohocorpmanageengine_applications_managerMatch14.0build14390

zohocorpmanageengine_applications_managerMatch14.0build14400

zohocorpmanageengine_applications_managerMatch14.0build14401

zohocorpmanageengine_applications_managerMatch14.0build14410

zohocorpmanageengine_applications_managerMatch14.0build14420

zohocorpmanageengine_applications_managerMatch14.0build14430

zohocorpmanageengine_applications_managerMatch14.0build14440

zohocorpmanageengine_applications_managerMatch14.0build14450

zohocorpmanageengine_applications_managerMatch14.0build14460

zohocorpmanageengine_applications_managerMatch14.0build14470

zohocorpmanageengine_applications_managerMatch14.0build14480

zohocorpmanageengine_applications_managerMatch14.0build14490

zohocorpmanageengine_applications_managerMatch14.0build14500

zohocorpmanageengine_applications_managerMatch14.0build14510

zohocorpmanageengine_applications_managerMatch14.0build14520

zohocorpmanageengine_applications_managerMatch14.0build14530

zohocorpmanageengine_applications_managerMatch14.0build14531

zohocorpmanageengine_applications_managerMatch14.0build14532

zohocorpmanageengine_applications_managerMatch14.0build14533

zohocorpmanageengine_applications_managerMatch14.0build14540

zohocorpmanageengine_applications_managerMatch14.0build14550

zohocorpmanageengine_applications_managerMatch14.0build14560

zohocorpmanageengine_applications_managerMatch14.0build14570

zohocorpmanageengine_applications_managerMatch14.0build14580

zohocorpmanageengine_applications_managerMatch14.0build14590

zohocorpmanageengine_applications_managerMatch14.0build14600

zohocorpmanageengine_applications_managerMatch14.0build14610

zohocorpmanageengine_applications_managerMatch14.0build14620

zohocorpmanageengine_applications_managerMatch14.0build14630

zohocorpmanageengine_applications_managerMatch14.0build14660

zohocorpmanageengine_applications_managerMatch14.0build14670

zohocorpmanageengine_applications_managerMatch14.0build14681

zohocorpmanageengine_applications_managerMatch14.0build14682

zohocorpmanageengine_applications_managerMatch14.0build14683

zohocorpmanageengine_applications_managerMatch14.0build14684

zohocorpmanageengine_applications_managerMatch14.0build14685

zohocorpmanageengine_applications_managerMatch14.0build14690

zohocorpmanageengine_applications_managerMatch14.0build14700

zohocorpmanageengine_applications_managerMatch14.0build14710

zohocorpmanageengine_applications_managerMatch14.0build14720

zohocorpmanageengine_applications_managerMatch14.0build14730

CPENameOperatorVersion
zohocorp:manageengine_applications_managerzohocorp manageengine applications managerlt14.0

CPE	Name	Operator	Version
zohocorp:manageengine_applications_manager	zohocorp manageengine applications manager	lt	14.0

References

www.manageengine.com

www.manageengine.com/products/applications_manager/issues.html#v14740

www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15394.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2020-15394

cvelist1 prion1 nvd1 nessus1