Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-15394
HistorySep 25, 2020 - 7:15 a.m.

CVE-2020-15394

2020-09-2507:15:11
CWE-89
[email protected]
web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

79.4%

JSON

The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.

Affected configurations

NVD
Node
zohocorpmanageengine_applications_managerRange<14.0
OR
zohocorpmanageengine_applications_managerMatch14.0-
OR
zohocorpmanageengine_applications_managerMatch14.0build14000
OR
zohocorpmanageengine_applications_managerMatch14.0build14010
OR
zohocorpmanageengine_applications_managerMatch14.0build14020
OR
zohocorpmanageengine_applications_managerMatch14.0build14030
OR
zohocorpmanageengine_applications_managerMatch14.0build14040
OR
zohocorpmanageengine_applications_managerMatch14.0build14050
OR
zohocorpmanageengine_applications_managerMatch14.0build14060
OR
zohocorpmanageengine_applications_managerMatch14.0build14070
OR
zohocorpmanageengine_applications_managerMatch14.0build14071
OR
zohocorpmanageengine_applications_managerMatch14.0build14072
OR
zohocorpmanageengine_applications_managerMatch14.0build14073
OR
zohocorpmanageengine_applications_managerMatch14.0build14080
OR
zohocorpmanageengine_applications_managerMatch14.0build14090
OR
zohocorpmanageengine_applications_managerMatch14.0build14100
OR
zohocorpmanageengine_applications_managerMatch14.0build14110
OR
zohocorpmanageengine_applications_managerMatch14.0build14120
OR
zohocorpmanageengine_applications_managerMatch14.0build14130
OR
zohocorpmanageengine_applications_managerMatch14.0build14140
OR
zohocorpmanageengine_applications_managerMatch14.0build14150
OR
zohocorpmanageengine_applications_managerMatch14.0build14160
OR
zohocorpmanageengine_applications_managerMatch14.0build14170
OR
zohocorpmanageengine_applications_managerMatch14.0build14180
OR
zohocorpmanageengine_applications_managerMatch14.0build14190
OR
zohocorpmanageengine_applications_managerMatch14.0build14200
OR
zohocorpmanageengine_applications_managerMatch14.0build14210
OR
zohocorpmanageengine_applications_managerMatch14.0build14220
OR
zohocorpmanageengine_applications_managerMatch14.0build14230
OR
zohocorpmanageengine_applications_managerMatch14.0build14240
OR
zohocorpmanageengine_applications_managerMatch14.0build14250
OR
zohocorpmanageengine_applications_managerMatch14.0build14260
OR
zohocorpmanageengine_applications_managerMatch14.0build14261
OR
zohocorpmanageengine_applications_managerMatch14.0build14262
OR
zohocorpmanageengine_applications_managerMatch14.0build14270
OR
zohocorpmanageengine_applications_managerMatch14.0build14280
OR
zohocorpmanageengine_applications_managerMatch14.0build14290
OR
zohocorpmanageengine_applications_managerMatch14.0build14300
OR
zohocorpmanageengine_applications_managerMatch14.0build14310
OR
zohocorpmanageengine_applications_managerMatch14.0build14330
OR
zohocorpmanageengine_applications_managerMatch14.0build14331
OR
zohocorpmanageengine_applications_managerMatch14.0build14332
OR
zohocorpmanageengine_applications_managerMatch14.0build14340
OR
zohocorpmanageengine_applications_managerMatch14.0build14350
OR
zohocorpmanageengine_applications_managerMatch14.0build14360
OR
zohocorpmanageengine_applications_managerMatch14.0build14361
OR
zohocorpmanageengine_applications_managerMatch14.0build14370
OR
zohocorpmanageengine_applications_managerMatch14.0build14380
OR
zohocorpmanageengine_applications_managerMatch14.0build14390
OR
zohocorpmanageengine_applications_managerMatch14.0build14400
OR
zohocorpmanageengine_applications_managerMatch14.0build14401
OR
zohocorpmanageengine_applications_managerMatch14.0build14410
OR
zohocorpmanageengine_applications_managerMatch14.0build14420
OR
zohocorpmanageengine_applications_managerMatch14.0build14430
OR
zohocorpmanageengine_applications_managerMatch14.0build14440
OR
zohocorpmanageengine_applications_managerMatch14.0build14450
OR
zohocorpmanageengine_applications_managerMatch14.0build14460
OR
zohocorpmanageengine_applications_managerMatch14.0build14470
OR
zohocorpmanageengine_applications_managerMatch14.0build14480
OR
zohocorpmanageengine_applications_managerMatch14.0build14490
OR
zohocorpmanageengine_applications_managerMatch14.0build14500
OR
zohocorpmanageengine_applications_managerMatch14.0build14510
OR
zohocorpmanageengine_applications_managerMatch14.0build14520
OR
zohocorpmanageengine_applications_managerMatch14.0build14530
OR
zohocorpmanageengine_applications_managerMatch14.0build14531
OR
zohocorpmanageengine_applications_managerMatch14.0build14532
OR
zohocorpmanageengine_applications_managerMatch14.0build14533
OR
zohocorpmanageengine_applications_managerMatch14.0build14540
OR
zohocorpmanageengine_applications_managerMatch14.0build14550
OR
zohocorpmanageengine_applications_managerMatch14.0build14560
OR
zohocorpmanageengine_applications_managerMatch14.0build14570
OR
zohocorpmanageengine_applications_managerMatch14.0build14580
OR
zohocorpmanageengine_applications_managerMatch14.0build14590
OR
zohocorpmanageengine_applications_managerMatch14.0build14600
OR
zohocorpmanageengine_applications_managerMatch14.0build14610
OR
zohocorpmanageengine_applications_managerMatch14.0build14620
OR
zohocorpmanageengine_applications_managerMatch14.0build14630
OR
zohocorpmanageengine_applications_managerMatch14.0build14660
OR
zohocorpmanageengine_applications_managerMatch14.0build14670
OR
zohocorpmanageengine_applications_managerMatch14.0build14681
OR
zohocorpmanageengine_applications_managerMatch14.0build14682
OR
zohocorpmanageengine_applications_managerMatch14.0build14683
OR
zohocorpmanageengine_applications_managerMatch14.0build14684
OR
zohocorpmanageengine_applications_managerMatch14.0build14685
OR
zohocorpmanageengine_applications_managerMatch14.0build14690
OR
zohocorpmanageengine_applications_managerMatch14.0build14700
OR
zohocorpmanageengine_applications_managerMatch14.0build14710
OR
zohocorpmanageengine_applications_managerMatch14.0build14720
OR
zohocorpmanageengine_applications_managerMatch14.0build14730

Related

cvelist 1
prion 1
cve 1
nessus 1
cvelist
cvelist
CVE-2020-15394
2020-09-25 06:11:41
prion
prion
Sql injection
2020-09-25 07:15:00
cve
cve
CVE-2020-15394
2020-09-25 07:15:11
nessus
nessus
ManageEngine Applications Manager REST API SQLi
2021-01-07 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

79.4%

JSON
Related for NVD:CVE-2020-15394
cvelist1prion1cve1nessus1