Lucene search
+L

CVE-2020-8838

🗓️ 23 Mar 2020 16:05:43Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 119 Views🌐 WEB

Issue in Zoho ManageEngine AssetExplorer 6.5 allows remote code executio

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today
ManageEngine Asset Explorer Windows Agent Remote Code Execution Vulnerability
9 May 202000:00
zdt
CNVD
Zoho ManageEngine AssetExplorer Code Execution Vulnerability
24 Mar 202000:00
cnvd
Cvelist
CVE-2020-8838
23 Mar 202016:05
cvelist
EUVD
EUVD-2020-29681
7 Oct 202500:30
euvd
NVD
CVE-2020-8838
23 Mar 202017:15
nvd
OSV
CVE-2020-8838
23 Mar 202017:15
osv
Packet Storm
ManageEngine Asset Explorer Windows Agent Remote Code Execution
8 May 202000:00
packetstorm
Prion
Code injection
23 Mar 202017:15
prion
Positive Technologies
PT-2020-20315 · Zoho +1 · Zoho Manageengine Assetexplorer +1
23 Mar 202000:00
ptsecurity
RedhatCVE
CVE-2020-8838
22 May 202515:42
redhatcve
Rows per page
NVD
ParameterPositionPathDescriptionCWE
WSNAMEquery param/?WSNAME=...&AUTH_TOKEN=...&AGENTID=...&TASK=...AUTH_TOKEN and related task query parameters used during upgrade; susceptible to MITM manipulation over HTTP.CWE-354
AUTH_TOKENquery param/?WSNAME=...&AUTH_TOKEN=...&AGENTID=...&TASK=...AUTH_TOKEN and related task query parameters used during upgrade; susceptible to MITM manipulation over HTTP.CWE-354
AGENTIDquery param/?WSNAME=...&AUTH_TOKEN=...&AGENTID=...&TASK=...AUTH_TOKEN and related task query parameters used during upgrade; susceptible to MITM manipulation over HTTP.CWE-354
TASKquery param/?WSNAME=...&AUTH_TOKEN=...&AGENTID=...&TASK=...AUTH_TOKEN and related task query parameters used during upgrade; susceptible to MITM manipulation over HTTP.CWE-354
statuspathdiscoveryServlet/AgentStatusServletAgent status reporting endpoint invoked after upgrade; insecure responses could be manipulated by an attacker in MITM scenarios.CWE-354
agentIdpathdiscoveryServlet/AgentStatusServletAgent status reporting endpoint invoked after upgrade; insecure responses could be manipulated by an attacker in MITM scenarios.CWE-354
wsNamepathdiscoveryServlet/AgentStatusServletAgent status reporting endpoint invoked after upgrade; insecure responses could be manipulated by an attacker in MITM scenarios.CWE-354
actionpathdiscoveryServlet/AgentStatusServletAgent status reporting endpoint invoked after upgrade; insecure responses could be manipulated by an attacker in MITM scenarios.CWE-354
errorpathdiscoveryServlet/AgentStatusServletAgent status reporting endpoint invoked after upgrade; insecure responses could be manipulated by an attacker in MITM scenarios.CWE-354

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 03:27Current
6.6Medium risk
Vulners AI Score6.6
CVSS 24.9
CVSS 3.16.4
EPSS0.01557
119