Lucene search
HistoryOct 29, 2020 - 5:15 p.m.
CVE-2020-27995
cve-2020-27995
sql injection
zoho manageengine
applications manager
mypage.do template_resid parameter
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.9 High
AI Score
Confidence
High
0.045 Low
EPSS
Percentile
92.5%
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.
Affected configurations
Node
zohocorpmanageengine_applications_managerMatch14.0-
ORzohocorpmanageengine_applications_managerMatch14.0build14000
ORzohocorpmanageengine_applications_managerMatch14.0build14010
ORzohocorpmanageengine_applications_managerMatch14.0build14020
ORzohocorpmanageengine_applications_managerMatch14.0build14030
ORzohocorpmanageengine_applications_managerMatch14.0build14040
ORzohocorpmanageengine_applications_managerMatch14.0build14050
ORzohocorpmanageengine_applications_managerMatch14.0build14060
ORzohocorpmanageengine_applications_managerMatch14.0build14070
ORzohocorpmanageengine_applications_managerMatch14.0build14071
ORzohocorpmanageengine_applications_managerMatch14.0build14072
ORzohocorpmanageengine_applications_managerMatch14.0build14073
ORzohocorpmanageengine_applications_managerMatch14.0build14080
ORzohocorpmanageengine_applications_managerMatch14.0build14090
ORzohocorpmanageengine_applications_managerMatch14.0build14100
ORzohocorpmanageengine_applications_managerMatch14.0build14110
ORzohocorpmanageengine_applications_managerMatch14.0build14120
ORzohocorpmanageengine_applications_managerMatch14.0build14130
ORzohocorpmanageengine_applications_managerMatch14.0build14140
ORzohocorpmanageengine_applications_managerMatch14.0build14150
ORzohocorpmanageengine_applications_managerMatch14.0build14160
ORzohocorpmanageengine_applications_managerMatch14.0build14170
ORzohocorpmanageengine_applications_managerMatch14.0build14180
ORzohocorpmanageengine_applications_managerMatch14.0build14190
ORzohocorpmanageengine_applications_managerMatch14.0build14200
ORzohocorpmanageengine_applications_managerMatch14.0build14210
ORzohocorpmanageengine_applications_managerMatch14.0build14220
ORzohocorpmanageengine_applications_managerMatch14.0build14230
ORzohocorpmanageengine_applications_managerMatch14.0build14240
ORzohocorpmanageengine_applications_managerMatch14.0build14250
ORzohocorpmanageengine_applications_managerMatch14.0build14260
ORzohocorpmanageengine_applications_managerMatch14.0build14261
ORzohocorpmanageengine_applications_managerMatch14.0build14262
ORzohocorpmanageengine_applications_managerMatch14.0build14270
ORzohocorpmanageengine_applications_managerMatch14.0build14280
ORzohocorpmanageengine_applications_managerMatch14.0build14290
ORzohocorpmanageengine_applications_managerMatch14.0build14300
ORzohocorpmanageengine_applications_managerMatch14.0build14310
ORzohocorpmanageengine_applications_managerMatch14.0build14330
ORzohocorpmanageengine_applications_managerMatch14.0build14331
ORzohocorpmanageengine_applications_managerMatch14.0build14332
ORzohocorpmanageengine_applications_managerMatch14.0build14340
ORzohocorpmanageengine_applications_managerMatch14.0build14350
ORzohocorpmanageengine_applications_managerMatch14.0build14360
ORzohocorpmanageengine_applications_managerMatch14.0build14361
ORzohocorpmanageengine_applications_managerMatch14.0build14370
ORzohocorpmanageengine_applications_managerMatch14.0build14380
ORzohocorpmanageengine_applications_managerMatch14.0build14390
ORzohocorpmanageengine_applications_managerMatch14.0build14400
ORzohocorpmanageengine_applications_managerMatch14.0build14401
ORzohocorpmanageengine_applications_managerMatch14.0build14410
ORzohocorpmanageengine_applications_managerMatch14.0build14420
ORzohocorpmanageengine_applications_managerMatch14.0build14430
ORzohocorpmanageengine_applications_managerMatch14.0build14440
ORzohocorpmanageengine_applications_managerMatch14.0build14450
ORzohocorpmanageengine_applications_managerMatch14.0build14460
ORzohocorpmanageengine_applications_managerMatch14.0build14470
ORzohocorpmanageengine_applications_managerMatch14.0build14480
ORzohocorpmanageengine_applications_managerMatch14.0build14490
ORzohocorpmanageengine_applications_managerMatch14.0build14500
ORzohocorpmanageengine_applications_managerMatch14.0build14510
ORzohocorpmanageengine_applications_managerMatch14.0build14520
ORzohocorpmanageengine_applications_managerMatch14.0build14530
ORzohocorpmanageengine_applications_managerMatch14.0build14531
ORzohocorpmanageengine_applications_managerMatch14.0build14532
ORzohocorpmanageengine_applications_managerMatch14.0build14533
ORzohocorpmanageengine_applications_managerMatch14.0build14540
ORzohocorpmanageengine_applications_managerMatch14.0build14550
| CPE | Name | Operator | Version |
|---|---|---|---|
| zohocorp:manageengine_applications_manager | zohocorp manageengine applications manager | eq | 14.0 |
Related
checkpoint_advisories
checkpoint_advisories
Zoho ManageEngine Applications Manager SQL Injection (CVE-2020-27995)
2020-11-21 00:00:00
prion
prion
Sql injection
2020-10-29 17:15:00
cvelist
cvelist
CVE-2020-27995
2020-10-29 16:31:52
nvd
nvd
CVE-2020-27995
2020-10-29 17:15:12
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.9 High
AI Score
Confidence
High
0.045 Low
EPSS
Percentile
92.5%
Related for CVE-2020-27995