Vulnerabilities related to zohocorp - manageengine_applications_manager
Vulnerability from fkie_nvd
Published
2018-07-13 20:29
Modified
2024-11-21 03:01
Summary
ManageEngine Applications Manager 12 and 13 before build 13200 allows deserialization of unsafe Java objects. The vulnerability can be exploited by a remote user without authentication and allows remote code execution, compromising the application as well as the operating system. Because Application Manager's RMI registry runs with system administrator privileges, an attacker who exploits this vulnerability gains the highest privileges on the underlying operating system.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "627D0D5D-1B83-4480-BE43-5D1F1D95F563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
    },
    {
      "lang": "es",
      "value": "ManageEngine Applications Manager 12 y 13 antes de la build 13200 permite la deserializaci\u00f3n de objetos Java inseguros. La vulnerabilidad puede ser explotada por usuarios remotos sin autenticaci\u00f3n y permite la ejecuci\u00f3n de c\u00f3digo remoto que comprometa la aplicaci\u00f3n, as\u00ed como el sistema operativo. Como el registro RMI de Application Manager se ejecuta con privilegios de administrador del sistema, al explotar esta vulnerabilidad un atacante obtiene los mayores privilegios en el sistema operativo subyacente."
    }
  ],
  "id": "CVE-2016-9498",
  "lastModified": "2024-11-21T03:01:20.043",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-13T20:29:01.940",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/97394/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/97394/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-16 03:15
Modified
2024-11-21 04:28
Summary
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. As a result, a low-privileged user can gain SYSTEM authority on the server and can then upload a malicious file using the "Execute Program Action(s)" feature.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0916CB-CF3C-411C-9C6B-ED9B2CF0336C",
              "versionEndIncluding": "14.2",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the \"Execute Program Action(s)\" feature."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Zoho ManageEngine Application Manager versiones hasta 14.2. Se presenta una vulnerabilidad de inyecci\u00f3n SQL en el archivo jsp/NewThresholdConfiguration.jsp por medio del par\u00e1metro resourceid. Por lo tanto, un usuario con poca autoridad puede conseguir la autoridad de SYSTEM en el servidor. En consecuencia, se puede cargar un archivo malicioso utilizando la funcionalidad \"Execute Program Action(s)\"."
    }
  ],
  "id": "CVE-2019-15105",
  "lastModified": "2024-11-21T04:28:03.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-16T03:15:11.247",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-APM-v14-Privilege-Escalation-Remote-Command-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/47228"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15105.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-APM-v14-Privilege-Escalation-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/47228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15105.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-06 03:29
Modified
2024-11-21 03:44
Summary
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "520834C6-241F-4382-B3E2-B72D2037CA9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is \"NT AUTHORITY / SYSTEM\") by sending a specially crafted request to the server."
    },
    {
      "lang": "es",
      "value": "Control de acceso incorrecto en CustomFieldsFeedServlet en ManageEngine Applications Manager, en las versiones 13 anteriores a la build 13740, permite que un atacante elimine cualquier archivo y leer ciertos archivos en el servidor en el contexto del usuario (que por defecto es \"NT AUTHORITY / SYSTEM\") mediante el env\u00edo de una petici\u00f3n especialmente manipulada al servidor."
    }
  ],
  "id": "CVE-2018-11808",
  "lastModified": "2024-11-21T03:44:04.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-06T03:29:00.247",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104467"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/kactrosN/publicdisclosures"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/kactrosN/publicdisclosures"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-11 01:15
Modified
2025-02-10 21:15
Summary
Stored cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious JavaScript on the incorrect login details page.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B59BA41-4B35-4045-93B0-3C680F030E45",
              "versionEndExcluding": "16.3",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.9:build15990:*:*:*:*:*:*",
              "matchCriteriaId": "F17AAB7B-79D3-4431-917D-83678ACBFAC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16300:*:*:*:*:*:*",
              "matchCriteriaId": "725F03D7-8655-4C2C-8BC8-BD81A657E53C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16310:*:*:*:*:*:*",
              "matchCriteriaId": "716C228E-FEB8-41D3-A290-BA4DB9D51717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16320:*:*:*:*:*:*",
              "matchCriteriaId": "C73EC9D6-B2AD-4E68-B429-EBF9EA2A7618",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16330:*:*:*:*:*:*",
              "matchCriteriaId": "6251408C-2192-44E7-A8D8-92EE97BC3D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16340:*:*:*:*:*:*",
              "matchCriteriaId": "9F50F891-EA20-4DAC-A100-C80FC455FF15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page."
    }
  ],
  "id": "CVE-2023-28341",
  "lastModified": "2025-02-10T21:15:15.707",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-04-11T01:15:07.143",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-06 19:15
Modified
2024-11-21 05:07
Summary
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFA93E1-9980-40EC-8E35-F43CECB4F85A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "02D3178E-6D94-48D0-8498-343C432A5143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700:*:*:*:*:*:*",
              "matchCriteriaId": "42F0DD71-04A1-4062-A814-D8BC08EFE365",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710:*:*:*:*:*:*",
              "matchCriteriaId": "CA484ACB-FD16-488E-8240-14FB46E3029B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720:*:*:*:*:*:*",
              "matchCriteriaId": "785AE7B0-82AC-405F-B5A8-33EDDE17BEAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730:*:*:*:*:*:*",
              "matchCriteriaId": "72AC8303-D2E5-4FEC-B6F3-4F3B4F299D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740:*:*:*:*:*:*",
              "matchCriteriaId": "660D358A-9AE5-4369-B8D9-054F836EE9FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager versi\u00f3n 14740 y anteriores, permite una inyecci\u00f3n SQL autenticada por medio de una petici\u00f3n jsp dise\u00f1ada en el m\u00f3dulo RCA"
    }
  ],
  "id": "CVE-2020-16267",
  "lastModified": "2024-11-21T05:07:03.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-06T19:15:14.133",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-16267.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-16267.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-05-24 19:15
Modified
2024-11-21 06:47
Summary
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A06C5EC-9980-4CBB-9BF9-D2B9934495B7",
              "versionEndExcluding": "15.5",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "5FF2D7BB-4150-4B3E-967B-0BC77A179576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:build15500:*:*:*:*:*:*",
              "matchCriteriaId": "C174DC8E-E0AD-492B-AE5D-6D17D062314E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:build15510:*:*:*:*:*:*",
              "matchCriteriaId": "DB5FBF55-196C-4A92-A6E9-10078929D5DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the \u0027working\u0027 folder through the \u0027Upload Files / Binaries\u0027 functionality."
    },
    {
      "lang": "es",
      "value": "ManageEngine AppManager15 (Build No:15510) permite a un usuario administrador autenticado subir un archivo DLL para llevar a cabo un ataque de secuestro de DLL dentro de la carpeta \"working\" mediante la funcionalidad \"Upload Files / Binaries\""
    }
  ],
  "id": "CVE-2022-23050",
  "lastModified": "2024-11-21T06:47:53.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-24T19:15:09.567",
  "references": [
    {
      "source": "help@fluidattacks.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fluidattacks.com/advisories/cerati/"
    },
    {
      "source": "help@fluidattacks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fluidattacks.com/advisories/cerati/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
    }
  ],
  "sourceIdentifier": "help@fluidattacks.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-23 16:29
Modified
2024-11-21 03:08
Summary
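In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack. Note that the CPE match in this record lists only 13.1 build 13100, which is narrower than the range given in the description; when checking exposure, compare the installed build against 14660 rather than relying on the CPE entry alone.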
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:13100:*:*:*:*:*:*",
              "matchCriteriaId": "0ADA2415-EC81-4764-9649-010776AF62CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the \u0027haid\u0027 parameter of the \u0027/auditLogAction.do\u0027 module is vulnerable to a Time-based Blind SQL Injection attack."
    },
    {
      "lang": "es",
      "value": "En Zoho ManageEngine Application Manager anterior a la version 14.6 Build 14660, el par\u00e1metro \u0027haid\u0027 del m\u00f3dulo \u0027/auditLogAction.do\u0027 es vulnerable a un ataque de inyecci\u00f3n SQL tipo time-based-blind"
    }
  ],
  "id": "CVE-2017-11738",
  "lastModified": "2024-11-21T03:08:24.263",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-23T16:29:08.153",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://application.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/108470"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://application.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/108470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-12-11 18:16
Modified
2024-11-21 04:35
Summary
Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72FB0868-47E0-43A3-9C15-651CF6746C77",
              "versionEndExcluding": "13.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager versiones anteriores a 13640, permite una inyecci\u00f3n SQL autenticada remota por medio del par\u00e1metro Agentid del agente servlet en la funci\u00f3n del proceso Agent.java."
    }
  ],
  "id": "CVE-2019-19650",
  "lastModified": "2024-11-21T04:35:08.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-11T18:16:19.803",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/eLeN3Re/CVE-2019-19650"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/eLeN3Re/CVE-2019-19650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-08 17:15
Modified
2024-11-21 04:56
Summary
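Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. Note that the CPE list in this record enumerates only 14.7 entries (builds 14700 through 14780), while the description covers every build up to and including 14780; scanners that match on CPE alone may miss older release lines.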



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "02D3178E-6D94-48D0-8498-343C432A5143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700:*:*:*:*:*:*",
              "matchCriteriaId": "42F0DD71-04A1-4062-A814-D8BC08EFE365",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710:*:*:*:*:*:*",
              "matchCriteriaId": "CA484ACB-FD16-488E-8240-14FB46E3029B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720:*:*:*:*:*:*",
              "matchCriteriaId": "785AE7B0-82AC-405F-B5A8-33EDDE17BEAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730:*:*:*:*:*:*",
              "matchCriteriaId": "72AC8303-D2E5-4FEC-B6F3-4F3B4F299D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740:*:*:*:*:*:*",
              "matchCriteriaId": "660D358A-9AE5-4369-B8D9-054F836EE9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14750:*:*:*:*:*:*",
              "matchCriteriaId": "321E01B9-1FD3-4B08-A985-A204E83D3948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14760:*:*:*:*:*:*",
              "matchCriteriaId": "50171A54-39D8-4CAE-AFFC-3324F82CDC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14770:*:*:*:*:*:*",
              "matchCriteriaId": "98805CD2-3497-46C4-88EF-11FE5611AC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14780:*:*:*:*:*:*",
              "matchCriteriaId": "D365E192-F36E-40B1-A5E9-1A3543019C2B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager versiones 14780 y anteriores, permiten a un atacante remoto no autenticado registrar servidores administrados por medio del servlet AAMRequestProcessor"
    }
  ],
  "id": "CVE-2020-10816",
  "lastModified": "2024-11-21T04:56:07.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-08T17:15:12.180",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/eLeN3Re/CVE-2020-10816"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/au/products/applications_manager/security-updates/security-updates-cve-2020-10816.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/eLeN3Re/CVE-2020-10816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/au/products/applications_manager/security-updates/security-updates-cve-2020-10816.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-06 19:15
Modified
2024-11-21 05:06
Summary
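Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. Note that the CPE list in this record names only 14.7 entries, including a wildcard 14.7 entry that does not distinguish builds; use the build number in the description (14740 and prior) to decide whether an installation is affected.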



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFA93E1-9980-40EC-8E35-F43CECB4F85A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "02D3178E-6D94-48D0-8498-343C432A5143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700:*:*:*:*:*:*",
              "matchCriteriaId": "42F0DD71-04A1-4062-A814-D8BC08EFE365",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710:*:*:*:*:*:*",
              "matchCriteriaId": "CA484ACB-FD16-488E-8240-14FB46E3029B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720:*:*:*:*:*:*",
              "matchCriteriaId": "785AE7B0-82AC-405F-B5A8-33EDDE17BEAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730:*:*:*:*:*:*",
              "matchCriteriaId": "72AC8303-D2E5-4FEC-B6F3-4F3B4F299D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740:*:*:*:*:*:*",
              "matchCriteriaId": "660D358A-9AE5-4369-B8D9-054F836EE9FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager versi\u00f3n 14740 y anteriores, permite una inyecci\u00f3n SQL autenticada por medio de una petici\u00f3n jsp dise\u00f1ada en el m\u00f3dulo SAP"
    }
  ],
  "id": "CVE-2020-15927",
  "lastModified": "2024-11-21T05:06:28.173",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-06T19:15:13.743",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-11 01:15
Modified
2025-02-10 21:15
Summary
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A91D5D-BA60-4FAC-92D7-DD477399A552",
              "versionEndExcluding": "16.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16300:*:*:*:*:*:*",
              "matchCriteriaId": "725F03D7-8655-4C2C-8BC8-BD81A657E53C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16310:*:*:*:*:*:*",
              "matchCriteriaId": "716C228E-FEB8-41D3-A290-BA4DB9D51717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16320:*:*:*:*:*:*",
              "matchCriteriaId": "C73EC9D6-B2AD-4E68-B429-EBF9EA2A7618",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack."
    }
  ],
  "id": "CVE-2023-28340",
  "lastModified": "2025-02-10T21:15:15.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-04-11T01:15:07.110",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-02 11:29
Modified
2024-11-21 03:46
Severity: CRITICAL (CVSS v3.0 base score 9.8, from the NVD metrics in this record)
Summary
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en Zoho ManageEngine Applications Manager en versiones 13.x anteriores a la build 13800 mediante el par\u00e1metro j_username en una petici\u00f3n POST en /j_security_check."
    }
  ],
  "id": "CVE-2018-13050",
  "lastModified": "2024-11-21T03:46:18.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-02T11:29:00.273",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/x-f1v3/ForCve/issues/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-13050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/x-f1v3/ForCve/issues/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-13050.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-04 15:15
Modified
2024-11-21 05:02
Summary
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager *
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E194DC-2587-485A-A790-9B409976F61A",
              "versionEndIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "59E9390D-5DEB-4D0B-B304-84023A1AE9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*",
              "matchCriteriaId": "03FAC408-84B1-4B51-A6D9-C1DF77FBAA3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*",
              "matchCriteriaId": "E00321E8-A1DF-49BF-A4E4-237527E7C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*",
              "matchCriteriaId": "58DA013E-26A7-4968-B89B-4B694D683E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*",
              "matchCriteriaId": "8552CA6A-B6B5-42D2-97D0-CA9FA5B9DE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*",
              "matchCriteriaId": "87DEE454-FE44-4312-B9FC-53D671ACA37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*",
              "matchCriteriaId": "1715F2C6-AC0F-4F46-A6C4-3531242274ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*",
              "matchCriteriaId": "583248EC-C732-4902-B14C-5031888BD17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*",
              "matchCriteriaId": "355366B0-4D45-4920-A897-A9A4451C072D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*",
              "matchCriteriaId": "EDB9AADD-A93D-46CC-B5E9-BB841FFC2A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*",
              "matchCriteriaId": "CDC226FE-DBBA-4FB2-A703-82EE12092FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*",
              "matchCriteriaId": "0FC560BE-C297-4348-8739-D014CDEF60CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*",
              "matchCriteriaId": "2B385291-37F7-4B1E-98B9-06E42B07ACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*",
              "matchCriteriaId": "8D647A88-0F0A-4971-9AD1-494AB6D1DFF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14100:*:*:*:*:*:*",
              "matchCriteriaId": "7D25C680-75B3-4285-9DE1-61755DC6CA2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14110:*:*:*:*:*:*",
              "matchCriteriaId": "50453E27-2E38-4101-9CF4-48DB99C69842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14120:*:*:*:*:*:*",
              "matchCriteriaId": "9D369493-65F3-4655-8049-0CFCEDADE050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14130:*:*:*:*:*:*",
              "matchCriteriaId": "F1F20F68-25EA-46A2-9B5E-6422A6CBF921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14140:*:*:*:*:*:*",
              "matchCriteriaId": "41A93890-6484-48A0-863F-EDDAE3E73940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14150:*:*:*:*:*:*",
              "matchCriteriaId": "905119AD-C900-4A95-827B-C9BD2A3A38F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14160:*:*:*:*:*:*",
              "matchCriteriaId": "EA55C91C-74B2-4A92-99C3-C30EC29B9CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14170:*:*:*:*:*:*",
              "matchCriteriaId": "B1FE4E15-0A4C-4E5A-BE7D-ECB83965164E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14180:*:*:*:*:*:*",
              "matchCriteriaId": "E1322B34-8A8B-4796-8574-8A09AF93889F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14190:*:*:*:*:*:*",
              "matchCriteriaId": "3C8724F9-C33B-4BD7-8BED-919D211BF35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14200:*:*:*:*:*:*",
              "matchCriteriaId": "EA9199F6-6649-44D4-9A26-C9020A85963D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14210:*:*:*:*:*:*",
              "matchCriteriaId": "92E0BD76-9B86-4268-BC23-65B826AD489A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14220:*:*:*:*:*:*",
              "matchCriteriaId": "67C94A6A-8D0E-4EFB-93B5-5DC2A28B25DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14230:*:*:*:*:*:*",
              "matchCriteriaId": "C6A3DCE6-328B-453C-97B2-8FA70F113CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14240:*:*:*:*:*:*",
              "matchCriteriaId": "29B3D159-1C80-43E6-B630-F373C8F41A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14250:*:*:*:*:*:*",
              "matchCriteriaId": "D8EDAA3F-EE45-4888-BA4A-E36F8FD879BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14260:*:*:*:*:*:*",
              "matchCriteriaId": "D603BCB2-7A39-4CD3-AE1E-9244DD9D5A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14261:*:*:*:*:*:*",
              "matchCriteriaId": "EC3AD941-D31B-4760-B9D2-7930E121D2AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14262:*:*:*:*:*:*",
              "matchCriteriaId": "A70646ED-342F-47BD-85D7-D43B79BD50EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14270:*:*:*:*:*:*",
              "matchCriteriaId": "423396CC-1B12-4449-B000-C3C554E9800D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14280:*:*:*:*:*:*",
              "matchCriteriaId": "5909613D-013F-4C3B-8204-6BB7A9968A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14290:*:*:*:*:*:*",
              "matchCriteriaId": "3423D181-FCA3-4818-8459-4073E73FDEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14300:*:*:*:*:*:*",
              "matchCriteriaId": "4FBED0C7-7B28-4AE7-B4B0-EB71F2CB860F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14310:*:*:*:*:*:*",
              "matchCriteriaId": "195ABF09-6D57-4DCF-B8A6-72AC24A8B29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14330:*:*:*:*:*:*",
              "matchCriteriaId": "AC95E820-FBF3-4CB9-A54C-24198D21197E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14331:*:*:*:*:*:*",
              "matchCriteriaId": "F182989C-7BF6-4DAD-8011-813FDF182251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14332:*:*:*:*:*:*",
              "matchCriteriaId": "66CD9609-884A-4B9D-A6D2-D23132FE8CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14340:*:*:*:*:*:*",
              "matchCriteriaId": "CD7CD16C-B70A-47E1-8DF7-FCCE1316644F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14350:*:*:*:*:*:*",
              "matchCriteriaId": "A7581669-97A3-4611-9779-58EF74B50A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14360:*:*:*:*:*:*",
              "matchCriteriaId": "849D811F-9DB7-4E23-8539-0F1CB0981918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14361:*:*:*:*:*:*",
              "matchCriteriaId": "2C439233-2403-40A7-9D87-63C8FD2AE60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14370:*:*:*:*:*:*",
              "matchCriteriaId": "9853B707-4B58-4787-9779-76523365C774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14380:*:*:*:*:*:*",
              "matchCriteriaId": "516685FD-8707-4588-9C1C-CD5EF65B0F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14390:*:*:*:*:*:*",
              "matchCriteriaId": "AC9198C7-A062-4F33-8B17-2521193FEBCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14400:*:*:*:*:*:*",
              "matchCriteriaId": "728DDA8D-A0E2-4086-B4B9-E5BD698D1BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14401:*:*:*:*:*:*",
              "matchCriteriaId": "91DA2DFA-1739-4DA7-8814-A99BA30497A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14410:*:*:*:*:*:*",
              "matchCriteriaId": "0EA1F760-7F12-40CE-A0C9-AE03B2D17949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14420:*:*:*:*:*:*",
              "matchCriteriaId": "CCDCB80D-385C-4CFD-B833-96C525BEF2A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14430:*:*:*:*:*:*",
              "matchCriteriaId": "B7CD6E6C-1C54-4807-9646-376D53D0FE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14440:*:*:*:*:*:*",
              "matchCriteriaId": "A9B45558-77F8-41A8-84EA-B9D902A044DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14450:*:*:*:*:*:*",
              "matchCriteriaId": "AC2A1D9B-C55A-401F-B6F4-AEFB36D7732E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14460:*:*:*:*:*:*",
              "matchCriteriaId": "BAAA8B67-C6BF-4517-8867-A4FF16C9F223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14470:*:*:*:*:*:*",
              "matchCriteriaId": "D3A28637-0557-4720-A71B-371AA9CEE002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14480:*:*:*:*:*:*",
              "matchCriteriaId": "5AEA57E7-7CD2-4A1E-9CFD-B89FACFFED78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14490:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF500-6C40-41F5-8B95-43F71D74DF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14500:*:*:*:*:*:*",
              "matchCriteriaId": "9B7C7BED-ACF8-4001-93F8-4DCFB452370E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14510:*:*:*:*:*:*",
              "matchCriteriaId": "DB52F791-A91E-41C6-811E-E74A19887491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14520:*:*:*:*:*:*",
              "matchCriteriaId": "82944FCA-6C44-4253-B9C1-47E5C77A8553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14530:*:*:*:*:*:*",
              "matchCriteriaId": "811B9D86-B63C-43A0-A671-A1F22BFFFA50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14531:*:*:*:*:*:*",
              "matchCriteriaId": "538B5DDE-5088-492C-B8F6-3AA5901694EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14532:*:*:*:*:*:*",
              "matchCriteriaId": "9D2A4D1F-F59B-4A52-87D6-5EE3B40FB79C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14533:*:*:*:*:*:*",
              "matchCriteriaId": "5F61A9B5-58A1-43F5-BB35-66A6F92DC423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14540:*:*:*:*:*:*",
              "matchCriteriaId": "CCAAA0B3-7A12-410A-8B9D-69840E8165D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14550:*:*:*:*:*:*",
              "matchCriteriaId": "1FCDD28C-6C07-4EA5-82EB-B0B34950E9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14560:*:*:*:*:*:*",
              "matchCriteriaId": "B2988A57-57DE-4FA7-B7D0-947E112D3425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14570:*:*:*:*:*:*",
              "matchCriteriaId": "D9DFAB54-8B32-4502-89C7-DDBA04C0D140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14580:*:*:*:*:*:*",
              "matchCriteriaId": "B3D3D6D9-D223-467F-8A42-F0A3FF804915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14590:*:*:*:*:*:*",
              "matchCriteriaId": "8375AB0F-8478-4738-9CB7-06F50CFF3635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14600:*:*:*:*:*:*",
              "matchCriteriaId": "72553828-2E9A-4D00-83D4-B03175D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14610:*:*:*:*:*:*",
              "matchCriteriaId": "A2D6E6A8-8011-4B65-8E32-E6F28B2CF8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14620:*:*:*:*:*:*",
              "matchCriteriaId": "B2023874-33CA-4545-A8A9-24E97EC8C347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14630:*:*:*:*:*:*",
              "matchCriteriaId": "B4239B72-6CC4-42FC-8B1B-DD6D352FF460",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14660:*:*:*:*:*:*",
              "matchCriteriaId": "F9BC2425-4763-4564-A6AA-67CCA369F8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14670:*:*:*:*:*:*",
              "matchCriteriaId": "46210773-F4A4-4A45-B121-925F41F60824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14681:*:*:*:*:*:*",
              "matchCriteriaId": "4CE6B9FB-9EB3-4299-A68A-CB8B526F8EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14682:*:*:*:*:*:*",
              "matchCriteriaId": "AB440A39-D56A-4006-BD5C-841B743206DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14683:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB6627-826F-4533-BBA9-B66363DA6114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14684:*:*:*:*:*:*",
              "matchCriteriaId": "D533490F-0026-48B9-83B1-71ECC9343F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14685:*:*:*:*:*:*",
              "matchCriteriaId": "FED82DD4-A755-4133-878A-B481EBFBCBC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14690:*:*:*:*:*:*",
              "matchCriteriaId": "BCB56836-19C3-468E-B55F-A2A6E791A1CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14700:*:*:*:*:*:*",
              "matchCriteriaId": "076BBC38-865B-458A-9ECF-EE705CA180DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14710:*:*:*:*:*:*",
              "matchCriteriaId": "8D81984A-E164-4E37-9895-29088EA2F1AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager versiones 14710 y anteriores, permite a un usuario administrador autenticado cargar un jar vulnerable en una ubicaci\u00f3n espec\u00edfica, lo que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
    }
  ],
  "id": "CVE-2020-14008",
  "lastModified": "2024-11-21T05:02:20.507",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-04T15:15:10.630",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/159066/ManageEngine-Applications-Manager-Authenticated-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#14730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/159066/ManageEngine-Applications-Manager-Authenticated-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#14730"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-25 07:15
Modified
2024-11-21 05:05
Summary
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against Cross-site Scripting (XSS) in jsp/header.jsp.
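Impacted products (the repeated 14.0 rows are distinct builds; the build number is the update field of each CPE string in the cpeMatch list below)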
Vendor Product Version
zohocorp manageengine_applications_manager *
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DD1CE18-4260-4BF1-8CF7-8EC4240DABDA",
              "versionEndExcluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "59E9390D-5DEB-4D0B-B304-84023A1AE9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*",
              "matchCriteriaId": "03FAC408-84B1-4B51-A6D9-C1DF77FBAA3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*",
              "matchCriteriaId": "E00321E8-A1DF-49BF-A4E4-237527E7C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*",
              "matchCriteriaId": "58DA013E-26A7-4968-B89B-4B694D683E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*",
              "matchCriteriaId": "8552CA6A-B6B5-42D2-97D0-CA9FA5B9DE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*",
              "matchCriteriaId": "87DEE454-FE44-4312-B9FC-53D671ACA37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*",
              "matchCriteriaId": "1715F2C6-AC0F-4F46-A6C4-3531242274ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*",
              "matchCriteriaId": "583248EC-C732-4902-B14C-5031888BD17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*",
              "matchCriteriaId": "355366B0-4D45-4920-A897-A9A4451C072D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*",
              "matchCriteriaId": "EDB9AADD-A93D-46CC-B5E9-BB841FFC2A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*",
              "matchCriteriaId": "CDC226FE-DBBA-4FB2-A703-82EE12092FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*",
              "matchCriteriaId": "0FC560BE-C297-4348-8739-D014CDEF60CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*",
              "matchCriteriaId": "2B385291-37F7-4B1E-98B9-06E42B07ACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*",
              "matchCriteriaId": "8D647A88-0F0A-4971-9AD1-494AB6D1DFF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14100:*:*:*:*:*:*",
              "matchCriteriaId": "7D25C680-75B3-4285-9DE1-61755DC6CA2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14110:*:*:*:*:*:*",
              "matchCriteriaId": "50453E27-2E38-4101-9CF4-48DB99C69842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14120:*:*:*:*:*:*",
              "matchCriteriaId": "9D369493-65F3-4655-8049-0CFCEDADE050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14130:*:*:*:*:*:*",
              "matchCriteriaId": "F1F20F68-25EA-46A2-9B5E-6422A6CBF921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14140:*:*:*:*:*:*",
              "matchCriteriaId": "41A93890-6484-48A0-863F-EDDAE3E73940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14150:*:*:*:*:*:*",
              "matchCriteriaId": "905119AD-C900-4A95-827B-C9BD2A3A38F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14160:*:*:*:*:*:*",
              "matchCriteriaId": "EA55C91C-74B2-4A92-99C3-C30EC29B9CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14170:*:*:*:*:*:*",
              "matchCriteriaId": "B1FE4E15-0A4C-4E5A-BE7D-ECB83965164E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14180:*:*:*:*:*:*",
              "matchCriteriaId": "E1322B34-8A8B-4796-8574-8A09AF93889F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14190:*:*:*:*:*:*",
              "matchCriteriaId": "3C8724F9-C33B-4BD7-8BED-919D211BF35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14200:*:*:*:*:*:*",
              "matchCriteriaId": "EA9199F6-6649-44D4-9A26-C9020A85963D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14210:*:*:*:*:*:*",
              "matchCriteriaId": "92E0BD76-9B86-4268-BC23-65B826AD489A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14220:*:*:*:*:*:*",
              "matchCriteriaId": "67C94A6A-8D0E-4EFB-93B5-5DC2A28B25DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14230:*:*:*:*:*:*",
              "matchCriteriaId": "C6A3DCE6-328B-453C-97B2-8FA70F113CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14240:*:*:*:*:*:*",
              "matchCriteriaId": "29B3D159-1C80-43E6-B630-F373C8F41A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14250:*:*:*:*:*:*",
              "matchCriteriaId": "D8EDAA3F-EE45-4888-BA4A-E36F8FD879BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14260:*:*:*:*:*:*",
              "matchCriteriaId": "D603BCB2-7A39-4CD3-AE1E-9244DD9D5A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14261:*:*:*:*:*:*",
              "matchCriteriaId": "EC3AD941-D31B-4760-B9D2-7930E121D2AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14262:*:*:*:*:*:*",
              "matchCriteriaId": "A70646ED-342F-47BD-85D7-D43B79BD50EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14270:*:*:*:*:*:*",
              "matchCriteriaId": "423396CC-1B12-4449-B000-C3C554E9800D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14280:*:*:*:*:*:*",
              "matchCriteriaId": "5909613D-013F-4C3B-8204-6BB7A9968A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14290:*:*:*:*:*:*",
              "matchCriteriaId": "3423D181-FCA3-4818-8459-4073E73FDEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14300:*:*:*:*:*:*",
              "matchCriteriaId": "4FBED0C7-7B28-4AE7-B4B0-EB71F2CB860F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14310:*:*:*:*:*:*",
              "matchCriteriaId": "195ABF09-6D57-4DCF-B8A6-72AC24A8B29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14330:*:*:*:*:*:*",
              "matchCriteriaId": "AC95E820-FBF3-4CB9-A54C-24198D21197E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14331:*:*:*:*:*:*",
              "matchCriteriaId": "F182989C-7BF6-4DAD-8011-813FDF182251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14332:*:*:*:*:*:*",
              "matchCriteriaId": "66CD9609-884A-4B9D-A6D2-D23132FE8CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14340:*:*:*:*:*:*",
              "matchCriteriaId": "CD7CD16C-B70A-47E1-8DF7-FCCE1316644F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14350:*:*:*:*:*:*",
              "matchCriteriaId": "A7581669-97A3-4611-9779-58EF74B50A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14360:*:*:*:*:*:*",
              "matchCriteriaId": "849D811F-9DB7-4E23-8539-0F1CB0981918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14361:*:*:*:*:*:*",
              "matchCriteriaId": "2C439233-2403-40A7-9D87-63C8FD2AE60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14370:*:*:*:*:*:*",
              "matchCriteriaId": "9853B707-4B58-4787-9779-76523365C774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14380:*:*:*:*:*:*",
              "matchCriteriaId": "516685FD-8707-4588-9C1C-CD5EF65B0F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14390:*:*:*:*:*:*",
              "matchCriteriaId": "AC9198C7-A062-4F33-8B17-2521193FEBCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14400:*:*:*:*:*:*",
              "matchCriteriaId": "728DDA8D-A0E2-4086-B4B9-E5BD698D1BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14401:*:*:*:*:*:*",
              "matchCriteriaId": "91DA2DFA-1739-4DA7-8814-A99BA30497A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14410:*:*:*:*:*:*",
              "matchCriteriaId": "0EA1F760-7F12-40CE-A0C9-AE03B2D17949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14420:*:*:*:*:*:*",
              "matchCriteriaId": "CCDCB80D-385C-4CFD-B833-96C525BEF2A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14430:*:*:*:*:*:*",
              "matchCriteriaId": "B7CD6E6C-1C54-4807-9646-376D53D0FE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14440:*:*:*:*:*:*",
              "matchCriteriaId": "A9B45558-77F8-41A8-84EA-B9D902A044DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14450:*:*:*:*:*:*",
              "matchCriteriaId": "AC2A1D9B-C55A-401F-B6F4-AEFB36D7732E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14460:*:*:*:*:*:*",
              "matchCriteriaId": "BAAA8B67-C6BF-4517-8867-A4FF16C9F223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14470:*:*:*:*:*:*",
              "matchCriteriaId": "D3A28637-0557-4720-A71B-371AA9CEE002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14480:*:*:*:*:*:*",
              "matchCriteriaId": "5AEA57E7-7CD2-4A1E-9CFD-B89FACFFED78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14490:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF500-6C40-41F5-8B95-43F71D74DF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14500:*:*:*:*:*:*",
              "matchCriteriaId": "9B7C7BED-ACF8-4001-93F8-4DCFB452370E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14510:*:*:*:*:*:*",
              "matchCriteriaId": "DB52F791-A91E-41C6-811E-E74A19887491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14520:*:*:*:*:*:*",
              "matchCriteriaId": "82944FCA-6C44-4253-B9C1-47E5C77A8553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14530:*:*:*:*:*:*",
              "matchCriteriaId": "811B9D86-B63C-43A0-A671-A1F22BFFFA50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14531:*:*:*:*:*:*",
              "matchCriteriaId": "538B5DDE-5088-492C-B8F6-3AA5901694EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14532:*:*:*:*:*:*",
              "matchCriteriaId": "9D2A4D1F-F59B-4A52-87D6-5EE3B40FB79C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14533:*:*:*:*:*:*",
              "matchCriteriaId": "5F61A9B5-58A1-43F5-BB35-66A6F92DC423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14540:*:*:*:*:*:*",
              "matchCriteriaId": "CCAAA0B3-7A12-410A-8B9D-69840E8165D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14550:*:*:*:*:*:*",
              "matchCriteriaId": "1FCDD28C-6C07-4EA5-82EB-B0B34950E9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14560:*:*:*:*:*:*",
              "matchCriteriaId": "B2988A57-57DE-4FA7-B7D0-947E112D3425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14570:*:*:*:*:*:*",
              "matchCriteriaId": "D9DFAB54-8B32-4502-89C7-DDBA04C0D140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14580:*:*:*:*:*:*",
              "matchCriteriaId": "B3D3D6D9-D223-467F-8A42-F0A3FF804915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14590:*:*:*:*:*:*",
              "matchCriteriaId": "8375AB0F-8478-4738-9CB7-06F50CFF3635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14600:*:*:*:*:*:*",
              "matchCriteriaId": "72553828-2E9A-4D00-83D4-B03175D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14610:*:*:*:*:*:*",
              "matchCriteriaId": "A2D6E6A8-8011-4B65-8E32-E6F28B2CF8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14620:*:*:*:*:*:*",
              "matchCriteriaId": "B2023874-33CA-4545-A8A9-24E97EC8C347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14630:*:*:*:*:*:*",
              "matchCriteriaId": "B4239B72-6CC4-42FC-8B1B-DD6D352FF460",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14660:*:*:*:*:*:*",
              "matchCriteriaId": "F9BC2425-4763-4564-A6AA-67CCA369F8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14670:*:*:*:*:*:*",
              "matchCriteriaId": "46210773-F4A4-4A45-B121-925F41F60824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14681:*:*:*:*:*:*",
              "matchCriteriaId": "4CE6B9FB-9EB3-4299-A68A-CB8B526F8EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14682:*:*:*:*:*:*",
              "matchCriteriaId": "AB440A39-D56A-4006-BD5C-841B743206DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14683:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB6627-826F-4533-BBA9-B66363DA6114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14684:*:*:*:*:*:*",
              "matchCriteriaId": "D533490F-0026-48B9-83B1-71ECC9343F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14685:*:*:*:*:*:*",
              "matchCriteriaId": "FED82DD4-A755-4133-878A-B481EBFBCBC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14690:*:*:*:*:*:*",
              "matchCriteriaId": "BCB56836-19C3-468E-B55F-A2A6E791A1CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14700:*:*:*:*:*:*",
              "matchCriteriaId": "076BBC38-865B-458A-9ECF-EE705CA180DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14710:*:*:*:*:*:*",
              "matchCriteriaId": "8D81984A-E164-4E37-9895-29088EA2F1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14720:*:*:*:*:*:*",
              "matchCriteriaId": "09D063AF-7BBF-4E85-A86E-115F3633A805",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS)."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager versiones anteriores a 14 build 14730, no presenta protecci\u00f3n contra un Cross-site Scripting (XSS) del archivo jsp/header.jsp"
    }
  ],
  "id": "CVE-2020-15521",
  "lastModified": "2024-11-21T05:05:41.173",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-25T07:15:11.623",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14730"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-05 17:29
Modified
2024-11-21 03:16
Summary
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager 13 antes de la build 13500 permite una inyecci\u00f3n SQL postautenticaci\u00f3n mediante el par\u00e1metro name en una petici\u00f3n manageApplications.do?method=insert."
    }
  ],
  "id": "CVE-2017-16542",
  "lastModified": "2024-11-21T03:16:32.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-05T17:29:00.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43129/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16542.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43129/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16542.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-08 22:29
Modified
2024-11-21 04:12
Severity ?
Summary
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.
References
cve@mitre.org — http://www.securityfocus.com/bid/103358 — Third Party Advisory, VDB Entry
cve@mitre.org — https://github.com/rapid7/metasploit-framework/pull/9684 — Exploit, Third Party Advisory
cve@mitre.org — https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/ — Exploit, Technical Description, Third Party Advisory
cve@mitre.org — https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager — Third Party Advisory
cve@mitre.org — https://www.exploit-db.com/exploits/44274/ — Exploit, Third Party Advisory, VDB Entry
cve@mitre.org — https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html
af854a3a-2127-422b-91ae-364da2661108 — http://www.securityfocus.com/bid/103358 — Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 — https://github.com/rapid7/metasploit-framework/pull/9684 — Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/ — Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://www.exploit-db.com/exploits/44274/ — Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 — https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05534D6B-400B-4F7B-B56D-09B889226431",
              "versionEndExcluding": "13.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de ejecuci\u00f3n remota de c\u00f3digo en Zoho ManageEngine Applications Manager, en versiones anteriores a la 13.6 (build 13640). El endpoint accesible de forma p\u00fablica testCredential.do toma m\u00faltiples entradas de usuario y valida las credenciales proporcionadas mediante el acceso a un sistema especificado. Este endpoint llama a varias clases internas y, a continuaci\u00f3n, ejecuta un script PowerShell. Si el sistema especificado es OfficeSharePointServer, los par\u00e1metros username y password de este script no se validan, lo que desemboca en una inyecci\u00f3n de comandos."
    }
  ],
  "id": "CVE-2018-7890",
  "lastModified": "2024-11-21T04:12:55.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-08T22:29:00.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103358"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/9684"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44274/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/9684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44274/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-25 07:15
Modified
2024-11-21 05:05
Severity ?
Summary
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager * (versions before 14.0)
zohocorp manageengine_applications_manager 14.0 -
zohocorp manageengine_applications_manager 14.0 build14000
zohocorp manageengine_applications_manager 14.0 build14010
zohocorp manageengine_applications_manager 14.0 build14020
zohocorp manageengine_applications_manager 14.0 build14030
zohocorp manageengine_applications_manager 14.0 build14040
zohocorp manageengine_applications_manager 14.0 build14050
zohocorp manageengine_applications_manager 14.0 build14060
zohocorp manageengine_applications_manager 14.0 build14070
zohocorp manageengine_applications_manager 14.0 build14071
zohocorp manageengine_applications_manager 14.0 build14072
zohocorp manageengine_applications_manager 14.0 build14073
zohocorp manageengine_applications_manager 14.0 build14080
zohocorp manageengine_applications_manager 14.0 build14090
zohocorp manageengine_applications_manager 14.0 build14100
zohocorp manageengine_applications_manager 14.0 build14110
zohocorp manageengine_applications_manager 14.0 build14120
zohocorp manageengine_applications_manager 14.0 build14130
zohocorp manageengine_applications_manager 14.0 build14140
zohocorp manageengine_applications_manager 14.0 build14150
zohocorp manageengine_applications_manager 14.0 build14160
zohocorp manageengine_applications_manager 14.0 build14170
zohocorp manageengine_applications_manager 14.0 build14180
zohocorp manageengine_applications_manager 14.0 build14190
zohocorp manageengine_applications_manager 14.0 build14200
zohocorp manageengine_applications_manager 14.0 build14210
zohocorp manageengine_applications_manager 14.0 build14220
zohocorp manageengine_applications_manager 14.0 build14230
zohocorp manageengine_applications_manager 14.0 build14240
zohocorp manageengine_applications_manager 14.0 build14250
zohocorp manageengine_applications_manager 14.0 build14260
zohocorp manageengine_applications_manager 14.0 build14261
zohocorp manageengine_applications_manager 14.0 build14262
zohocorp manageengine_applications_manager 14.0 build14270
zohocorp manageengine_applications_manager 14.0 build14280
zohocorp manageengine_applications_manager 14.0 build14290
zohocorp manageengine_applications_manager 14.0 build14300
zohocorp manageengine_applications_manager 14.0 build14310
zohocorp manageengine_applications_manager 14.0 build14330
zohocorp manageengine_applications_manager 14.0 build14331
zohocorp manageengine_applications_manager 14.0 build14332
zohocorp manageengine_applications_manager 14.0 build14340
zohocorp manageengine_applications_manager 14.0 build14350
zohocorp manageengine_applications_manager 14.0 build14360
zohocorp manageengine_applications_manager 14.0 build14361
zohocorp manageengine_applications_manager 14.0 build14370
zohocorp manageengine_applications_manager 14.0 build14380
zohocorp manageengine_applications_manager 14.0 build14390
zohocorp manageengine_applications_manager 14.0 build14400
zohocorp manageengine_applications_manager 14.0 build14401
zohocorp manageengine_applications_manager 14.0 build14410
zohocorp manageengine_applications_manager 14.0 build14420
zohocorp manageengine_applications_manager 14.0 build14430
zohocorp manageengine_applications_manager 14.0 build14440
zohocorp manageengine_applications_manager 14.0 build14450
zohocorp manageengine_applications_manager 14.0 build14460
zohocorp manageengine_applications_manager 14.0 build14470
zohocorp manageengine_applications_manager 14.0 build14480
zohocorp manageengine_applications_manager 14.0 build14490
zohocorp manageengine_applications_manager 14.0 build14500
zohocorp manageengine_applications_manager 14.0 build14510
zohocorp manageengine_applications_manager 14.0 build14520
zohocorp manageengine_applications_manager 14.0 build14530
zohocorp manageengine_applications_manager 14.0 build14531
zohocorp manageengine_applications_manager 14.0 build14532
zohocorp manageengine_applications_manager 14.0 build14533
zohocorp manageengine_applications_manager 14.0 build14540
zohocorp manageengine_applications_manager 14.0 build14550
zohocorp manageengine_applications_manager 14.0 build14560
zohocorp manageengine_applications_manager 14.0 build14570
zohocorp manageengine_applications_manager 14.0 build14580
zohocorp manageengine_applications_manager 14.0 build14590
zohocorp manageengine_applications_manager 14.0 build14600
zohocorp manageengine_applications_manager 14.0 build14610
zohocorp manageengine_applications_manager 14.0 build14620
zohocorp manageengine_applications_manager 14.0 build14630
zohocorp manageengine_applications_manager 14.0 build14660
zohocorp manageengine_applications_manager 14.0 build14670
zohocorp manageengine_applications_manager 14.0 build14681
zohocorp manageengine_applications_manager 14.0 build14682
zohocorp manageengine_applications_manager 14.0 build14683
zohocorp manageengine_applications_manager 14.0 build14684
zohocorp manageengine_applications_manager 14.0 build14685
zohocorp manageengine_applications_manager 14.0 build14690
zohocorp manageengine_applications_manager 14.0 build14700
zohocorp manageengine_applications_manager 14.0 build14710
zohocorp manageengine_applications_manager 14.0 build14720
zohocorp manageengine_applications_manager 14.0 build14730



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DD1CE18-4260-4BF1-8CF7-8EC4240DABDA",
              "versionEndExcluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "59E9390D-5DEB-4D0B-B304-84023A1AE9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*",
              "matchCriteriaId": "03FAC408-84B1-4B51-A6D9-C1DF77FBAA3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*",
              "matchCriteriaId": "E00321E8-A1DF-49BF-A4E4-237527E7C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*",
              "matchCriteriaId": "58DA013E-26A7-4968-B89B-4B694D683E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*",
              "matchCriteriaId": "8552CA6A-B6B5-42D2-97D0-CA9FA5B9DE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*",
              "matchCriteriaId": "87DEE454-FE44-4312-B9FC-53D671ACA37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*",
              "matchCriteriaId": "1715F2C6-AC0F-4F46-A6C4-3531242274ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*",
              "matchCriteriaId": "583248EC-C732-4902-B14C-5031888BD17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*",
              "matchCriteriaId": "355366B0-4D45-4920-A897-A9A4451C072D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*",
              "matchCriteriaId": "EDB9AADD-A93D-46CC-B5E9-BB841FFC2A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*",
              "matchCriteriaId": "CDC226FE-DBBA-4FB2-A703-82EE12092FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*",
              "matchCriteriaId": "0FC560BE-C297-4348-8739-D014CDEF60CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*",
              "matchCriteriaId": "2B385291-37F7-4B1E-98B9-06E42B07ACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*",
              "matchCriteriaId": "8D647A88-0F0A-4971-9AD1-494AB6D1DFF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14100:*:*:*:*:*:*",
              "matchCriteriaId": "7D25C680-75B3-4285-9DE1-61755DC6CA2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14110:*:*:*:*:*:*",
              "matchCriteriaId": "50453E27-2E38-4101-9CF4-48DB99C69842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14120:*:*:*:*:*:*",
              "matchCriteriaId": "9D369493-65F3-4655-8049-0CFCEDADE050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14130:*:*:*:*:*:*",
              "matchCriteriaId": "F1F20F68-25EA-46A2-9B5E-6422A6CBF921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14140:*:*:*:*:*:*",
              "matchCriteriaId": "41A93890-6484-48A0-863F-EDDAE3E73940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14150:*:*:*:*:*:*",
              "matchCriteriaId": "905119AD-C900-4A95-827B-C9BD2A3A38F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14160:*:*:*:*:*:*",
              "matchCriteriaId": "EA55C91C-74B2-4A92-99C3-C30EC29B9CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14170:*:*:*:*:*:*",
              "matchCriteriaId": "B1FE4E15-0A4C-4E5A-BE7D-ECB83965164E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14180:*:*:*:*:*:*",
              "matchCriteriaId": "E1322B34-8A8B-4796-8574-8A09AF93889F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14190:*:*:*:*:*:*",
              "matchCriteriaId": "3C8724F9-C33B-4BD7-8BED-919D211BF35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14200:*:*:*:*:*:*",
              "matchCriteriaId": "EA9199F6-6649-44D4-9A26-C9020A85963D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14210:*:*:*:*:*:*",
              "matchCriteriaId": "92E0BD76-9B86-4268-BC23-65B826AD489A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14220:*:*:*:*:*:*",
              "matchCriteriaId": "67C94A6A-8D0E-4EFB-93B5-5DC2A28B25DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14230:*:*:*:*:*:*",
              "matchCriteriaId": "C6A3DCE6-328B-453C-97B2-8FA70F113CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14240:*:*:*:*:*:*",
              "matchCriteriaId": "29B3D159-1C80-43E6-B630-F373C8F41A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14250:*:*:*:*:*:*",
              "matchCriteriaId": "D8EDAA3F-EE45-4888-BA4A-E36F8FD879BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14260:*:*:*:*:*:*",
              "matchCriteriaId": "D603BCB2-7A39-4CD3-AE1E-9244DD9D5A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14261:*:*:*:*:*:*",
              "matchCriteriaId": "EC3AD941-D31B-4760-B9D2-7930E121D2AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14262:*:*:*:*:*:*",
              "matchCriteriaId": "A70646ED-342F-47BD-85D7-D43B79BD50EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14270:*:*:*:*:*:*",
              "matchCriteriaId": "423396CC-1B12-4449-B000-C3C554E9800D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14280:*:*:*:*:*:*",
              "matchCriteriaId": "5909613D-013F-4C3B-8204-6BB7A9968A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14290:*:*:*:*:*:*",
              "matchCriteriaId": "3423D181-FCA3-4818-8459-4073E73FDEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14300:*:*:*:*:*:*",
              "matchCriteriaId": "4FBED0C7-7B28-4AE7-B4B0-EB71F2CB860F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14310:*:*:*:*:*:*",
              "matchCriteriaId": "195ABF09-6D57-4DCF-B8A6-72AC24A8B29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14330:*:*:*:*:*:*",
              "matchCriteriaId": "AC95E820-FBF3-4CB9-A54C-24198D21197E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14331:*:*:*:*:*:*",
              "matchCriteriaId": "F182989C-7BF6-4DAD-8011-813FDF182251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14332:*:*:*:*:*:*",
              "matchCriteriaId": "66CD9609-884A-4B9D-A6D2-D23132FE8CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14340:*:*:*:*:*:*",
              "matchCriteriaId": "CD7CD16C-B70A-47E1-8DF7-FCCE1316644F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14350:*:*:*:*:*:*",
              "matchCriteriaId": "A7581669-97A3-4611-9779-58EF74B50A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14360:*:*:*:*:*:*",
              "matchCriteriaId": "849D811F-9DB7-4E23-8539-0F1CB0981918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14361:*:*:*:*:*:*",
              "matchCriteriaId": "2C439233-2403-40A7-9D87-63C8FD2AE60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14370:*:*:*:*:*:*",
              "matchCriteriaId": "9853B707-4B58-4787-9779-76523365C774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14380:*:*:*:*:*:*",
              "matchCriteriaId": "516685FD-8707-4588-9C1C-CD5EF65B0F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14390:*:*:*:*:*:*",
              "matchCriteriaId": "AC9198C7-A062-4F33-8B17-2521193FEBCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14400:*:*:*:*:*:*",
              "matchCriteriaId": "728DDA8D-A0E2-4086-B4B9-E5BD698D1BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14401:*:*:*:*:*:*",
              "matchCriteriaId": "91DA2DFA-1739-4DA7-8814-A99BA30497A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14410:*:*:*:*:*:*",
              "matchCriteriaId": "0EA1F760-7F12-40CE-A0C9-AE03B2D17949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14420:*:*:*:*:*:*",
              "matchCriteriaId": "CCDCB80D-385C-4CFD-B833-96C525BEF2A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14430:*:*:*:*:*:*",
              "matchCriteriaId": "B7CD6E6C-1C54-4807-9646-376D53D0FE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14440:*:*:*:*:*:*",
              "matchCriteriaId": "A9B45558-77F8-41A8-84EA-B9D902A044DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14450:*:*:*:*:*:*",
              "matchCriteriaId": "AC2A1D9B-C55A-401F-B6F4-AEFB36D7732E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14460:*:*:*:*:*:*",
              "matchCriteriaId": "BAAA8B67-C6BF-4517-8867-A4FF16C9F223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14470:*:*:*:*:*:*",
              "matchCriteriaId": "D3A28637-0557-4720-A71B-371AA9CEE002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14480:*:*:*:*:*:*",
              "matchCriteriaId": "5AEA57E7-7CD2-4A1E-9CFD-B89FACFFED78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14490:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF500-6C40-41F5-8B95-43F71D74DF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14500:*:*:*:*:*:*",
              "matchCriteriaId": "9B7C7BED-ACF8-4001-93F8-4DCFB452370E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14510:*:*:*:*:*:*",
              "matchCriteriaId": "DB52F791-A91E-41C6-811E-E74A19887491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14520:*:*:*:*:*:*",
              "matchCriteriaId": "82944FCA-6C44-4253-B9C1-47E5C77A8553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14530:*:*:*:*:*:*",
              "matchCriteriaId": "811B9D86-B63C-43A0-A671-A1F22BFFFA50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14531:*:*:*:*:*:*",
              "matchCriteriaId": "538B5DDE-5088-492C-B8F6-3AA5901694EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14532:*:*:*:*:*:*",
              "matchCriteriaId": "9D2A4D1F-F59B-4A52-87D6-5EE3B40FB79C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14533:*:*:*:*:*:*",
              "matchCriteriaId": "5F61A9B5-58A1-43F5-BB35-66A6F92DC423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14540:*:*:*:*:*:*",
              "matchCriteriaId": "CCAAA0B3-7A12-410A-8B9D-69840E8165D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14550:*:*:*:*:*:*",
              "matchCriteriaId": "1FCDD28C-6C07-4EA5-82EB-B0B34950E9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14560:*:*:*:*:*:*",
              "matchCriteriaId": "B2988A57-57DE-4FA7-B7D0-947E112D3425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14570:*:*:*:*:*:*",
              "matchCriteriaId": "D9DFAB54-8B32-4502-89C7-DDBA04C0D140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14580:*:*:*:*:*:*",
              "matchCriteriaId": "B3D3D6D9-D223-467F-8A42-F0A3FF804915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14590:*:*:*:*:*:*",
              "matchCriteriaId": "8375AB0F-8478-4738-9CB7-06F50CFF3635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14600:*:*:*:*:*:*",
              "matchCriteriaId": "72553828-2E9A-4D00-83D4-B03175D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14610:*:*:*:*:*:*",
              "matchCriteriaId": "A2D6E6A8-8011-4B65-8E32-E6F28B2CF8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14620:*:*:*:*:*:*",
              "matchCriteriaId": "B2023874-33CA-4545-A8A9-24E97EC8C347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14630:*:*:*:*:*:*",
              "matchCriteriaId": "B4239B72-6CC4-42FC-8B1B-DD6D352FF460",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14660:*:*:*:*:*:*",
              "matchCriteriaId": "F9BC2425-4763-4564-A6AA-67CCA369F8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14670:*:*:*:*:*:*",
              "matchCriteriaId": "46210773-F4A4-4A45-B121-925F41F60824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14681:*:*:*:*:*:*",
              "matchCriteriaId": "4CE6B9FB-9EB3-4299-A68A-CB8B526F8EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14682:*:*:*:*:*:*",
              "matchCriteriaId": "AB440A39-D56A-4006-BD5C-841B743206DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14683:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB6627-826F-4533-BBA9-B66363DA6114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14684:*:*:*:*:*:*",
              "matchCriteriaId": "D533490F-0026-48B9-83B1-71ECC9343F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14685:*:*:*:*:*:*",
              "matchCriteriaId": "FED82DD4-A755-4133-878A-B481EBFBCBC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14690:*:*:*:*:*:*",
              "matchCriteriaId": "BCB56836-19C3-468E-B55F-A2A6E791A1CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14700:*:*:*:*:*:*",
              "matchCriteriaId": "076BBC38-865B-458A-9ECF-EE705CA180DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14710:*:*:*:*:*:*",
              "matchCriteriaId": "8D81984A-E164-4E37-9895-29088EA2F1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14720:*:*:*:*:*:*",
              "matchCriteriaId": "09D063AF-7BBF-4E85-A86E-115F3633A805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14730:*:*:*:*:*:*",
              "matchCriteriaId": "3879513B-312B-47DF-9CA9-27E99C52F045",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution."
    },
    {
      "lang": "es",
      "value": "La API REST en Zoho ManageEngine Applications Manager versiones anteriores a build 14740, permite una inyecci\u00f3n SQL no autenticada por medio de una petici\u00f3n dise\u00f1ada, conllevando a una ejecuci\u00f3n de c\u00f3digo remota"
    }
  ],
  "id": "CVE-2020-15394",
  "lastModified": "2024-11-21T05:05:28.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-25T07:15:11.560",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14740"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15394.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15394.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-29 12:29
Modified
2024-11-21 03:46
Summary
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
References
cve@mitre.org http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html Exploit, Third Party Advisory, VDB Entry
cve@mitre.org http://seclists.org/fulldisclosure/2018/Jul/71 Exploit, Mailing List, Third Party Advisory
cve@mitre.org http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-038 Third Party Advisory
cve@mitre.org https://github.com/unh3x/just4cve/issues/7 Exploit, Third Party Advisory
cve@mitre.org https://www.manageengine.com/products/applications_manager/issues.html Vendor Advisory
cve@mitre.org https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-12996.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2018/Jul/71 Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-038 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/unh3x/just4cve/issues/7 Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.manageengine.com/products/applications_manager/issues.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-12996.html Vendor Advisory
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C53A28-F1E9-4152-9818-7435344F3ED8",
              "versionEndIncluding": "13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027method\u0027 to GraphicalView.do."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en versiones anteriores a la 13 (Build 13800) de Zoho ManageEngine Applications Manager permite a atacantes remotos inyectar scripts web o HTML arbitrarios mediante el par\u00e1metro \"method\" en GraphicalView.do."
    }
  ],
  "id": "CVE-2018-12996",
  "lastModified": "2024-11-21T03:46:12.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-29T12:29:00.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Jul/71"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-038"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/unh3x/just4cve/issues/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-12996.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Jul/71"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/unh3x/just4cve/issues/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-12996.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-23 04:29
Modified
2024-11-21 04:21
Severity ?
Summary
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB04F529-E2A2-4D03-A8AD-ADD435F37C97",
              "versionEndIncluding": "14.0",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the \"Execute Program Action(s)\" feature."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager, versiones desde 12 hasta 14, permite la inyecci\u00f3n de SQL del resourceid FaultTemplateOptions.jsp. Posteriormente, un usuario no autenticado puede obtener la autoridad de SYSTEM en el servidor cargando un archivo malicioso a trav\u00e9s de la funci\u00f3n \"Ejecutar acci\u00f3n(es) de programa\"."
    }
  ],
  "id": "CVE-2019-11469",
  "lastModified": "2024-11-21T04:21:08.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-23T04:29:01.607",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-Auth-Bypass-Remote-Command-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46740"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46740/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-Auth-Bypass-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46740/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-23 16:29
Modified
2024-11-21 03:08
Summary
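In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS. Note: the CVSS vectors in the NVD record below are scored with no authentication or privileges required (Au:N, PR:N), which does not match the administrative-privilege precondition described here; weigh the scores accordingly during triage.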
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:13100:*:*:*:*:*:*",
              "matchCriteriaId": "0ADA2415-EC81-4764-9649-010776AF62CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a \"Utility Widget\" with a \"Custom HTML or Text\" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a \"Utility Widget\" that contains malicious JavaScript code, aka XSS."
    },
    {
      "lang": "es",
      "value": "En Zoho ManageEngine Application Manager 13.1 Build 13100, un usuario autenticado, con privilegios administrativos, tiene la facultad de agregar un widget en cualquier panel. Este widget puede ser un \"Utility Widget\" con un campo \"Custom HTML or Text\". Una vez que este  widget sea creado, ser\u00e1 cargado en el panel donde fue agregado. Un atacante puede abusar de esta funcionalidad mediante la creaci\u00f3n de un \"Utility Widget\" que contenga un c\u00f3digo JavaScript malicioso, tambi\u00e9n conocido como XSS."
    }
  ],
  "id": "CVE-2017-11739",
  "lastModified": "2024-11-21T03:08:24.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-23T16:29:08.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://application.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/108469"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://application.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/108469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-08 17:15
Modified
2024-11-21 02:18
Summary
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet.
References
cve@mitre.org http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry
cve@mitre.org http://seclists.org/fulldisclosure/2015/Jan/114 Exploit
cve@mitre.org http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/100554 Third Party Advisory, VDB Entry
cve@mitre.org https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt Broken Link
cve@mitre.org https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2015/Jan/114 Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/100554 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt Broken Link
af854a3a-2127-422b-91ae-364da2661108 https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet Exploit, Vendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B406C4-8301-4D81-B59E-D35965300845",
              "versionEndIncluding": "11.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_it360:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D1A4045-C496-430F-91AA-142165AC14F9",
              "versionEndIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A06A75D-BDDF-4D26-AA17-325C2C64859B",
              "versionEndIncluding": "11.5",
              "versionStartIncluding": "8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet."
    },
    {
      "lang": "es",
      "value": "El servlet FailOverHelperServlet (tambi\u00e9n se conoce como FailServlet) en ZOHO ManageEngine Applications Manager versiones anteriores a 11.9 build 11912, OpManager versiones 8 hasta 11.5 build 11400 e IT360 versiones 10.5 y anteriores, no restringe el acceso apropiadamente, lo que permite a atacantes remotos y a usuarios autenticados remotos (1) leer archivos arbitrarios por medio del par\u00e1metro fileName en una operaci\u00f3n copyfile u (2) obtener informaci\u00f3n confidencial por medio de un listado de directorio en una operaci\u00f3n listdirectory en servlet/FailOverHelperServlet."
    }
  ],
  "id": "CVE-2014-7863",
  "lastModified": "2024-11-21T02:18:09.847",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-08T17:15:10.980",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Jan/114"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Jan/114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-22 11:29
Modified
2024-11-21 04:21
Severity ?
Summary
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F54D5E-6525-43B8-B456-F529AE1DB947",
              "versionEndIncluding": "14.0",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Zoho ManageEngine Applications Manager 11.0 hasta 14.0. Un usuario no autenticado puede obtener la autoridad de SYSTEM en el servidor debido a una vulnerabilidad SQL injection en Popup_SLA.jsp. Por ejemplo, el atacante puede escribir posteriormente texto arbitrario en un archivo .vbs."
    }
  ],
  "id": "CVE-2019-11448",
  "lastModified": "2024-11-21T04:21:05.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-22T11:29:06.190",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46725"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46725/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46725/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-16 17:29
Modified
2024-11-21 03:17
Severity ?
Summary
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyecci\u00f3n SQL mediante el par\u00e1metro forpage en /MyPage.do?method=viewDashBoard."
    }
  ],
  "id": "CVE-2017-16849",
  "lastModified": "2024-11-21T03:17:05.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T17:29:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16849.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16849.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-02-05 14:15
Modified
2024-11-21 05:28
Summary
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows authenticated SQL injection via the resourceid parameter to showresource.do.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1656CE73-61BC-4AEA-9452-BBF0CB6BCE76",
              "versionEndExcluding": "14.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.9:-:*:*:*:*:*:*",
              "matchCriteriaId": "DA81156E-06F7-4FCF-BBC1-6827B973277E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.9:build14900:*:*:*:*:*:*",
              "matchCriteriaId": "070B3906-E0C9-46E7-BCE9-8032A428D429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.9:build14910:*:*:*:*:*:*",
              "matchCriteriaId": "DA2DE27F-09A3-4345-B8A7-5C4DC382DA80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.9:build14911:*:*:*:*:*:*",
              "matchCriteriaId": "A92C173E-A1C9-4537-A72B-DC3FC781E6AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.9:build14930:*:*:*:*:*:*",
              "matchCriteriaId": "02EE07E2-9B99-42F2-8BCF-75CB8E654811",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do."
    },
    {
      "lang": "es",
      "value": "doFilter en com.adventnet.appmanager.filter.UriCollector en Zoho ManageEngine Applications Manager versiones hasta 14930, permite una inyecci\u00f3n SQL autenticada por medio del par\u00e1metro resourceid en showresource.do"
    }
  ],
  "id": "CVE-2020-35765",
  "lastModified": "2024-11-21T05:28:02.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-05T14:15:16.357",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v15000"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2021-02"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2021-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v15000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2021-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2021-02"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-08-01 07:15
Modified
2024-08-15 18:05
Summary
Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to an authenticated, admin-only SQL injection in the Create Monitor feature.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "480B0626-2047-4A6F-8F92-F680D8E2929A",
              "versionEndExcluding": "16.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "CE6C088B-F1DF-4F2A-9E3B-4AD087867A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16800:*:*:*:*:*:*",
              "matchCriteriaId": "977D742E-A4A3-4197-99CC-86A0630DFC2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16810:*:*:*:*:*:*",
              "matchCriteriaId": "F007885B-D1CF-49E5-BA5E-95C764B7DEA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16820:*:*:*:*:*:*",
              "matchCriteriaId": "EF18E6CE-1D00-4AC6-A0E7-E825B20C27B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16830:*:*:*:*:*:*",
              "matchCriteriaId": "F37D024B-09D7-4199-915B-BF0F91306FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16840:*:*:*:*:*:*",
              "matchCriteriaId": "1099AC26-DF08-459E-B6DF-31648D40A9EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16841:*:*:*:*:*:*",
              "matchCriteriaId": "2B119FB2-3AB7-4179-A3D9-237843C7B6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16842:*:*:*:*:*:*",
              "matchCriteriaId": "E084E42D-39B6-4F25-87A6-DDC504F1F464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16843:*:*:*:*:*:*",
              "matchCriteriaId": "618F55F5-58E7-4028-B43B-1C9BE8A545F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "6DBF4AD2-F1FA-4397-872D-15F7F0B499ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170000:*:*:*:*:*:*",
              "matchCriteriaId": "24D9A360-987B-4631-AC4E-A83C19AC6218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170001:*:*:*:*:*:*",
              "matchCriteriaId": "CF0F0C0E-7534-490B-B009-8B24E258D8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170100:*:*:*:*:*:*",
              "matchCriteriaId": "062BCDE1-D732-4482-B537-99857394F8F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170200:*:*:*:*:*:*",
              "matchCriteriaId": "6A6041F0-C3E7-46E6-B38B-8B4487149F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170300:*:*:*:*:*:*",
              "matchCriteriaId": "AF8451A5-0CCA-48C7-85A4-DD79A5CA1B5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170400:*:*:*:*:*:*",
              "matchCriteriaId": "EAA9B92E-84D6-4AE9-80AB-CFF73D05E4E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170500:*:*:*:*:*:*",
              "matchCriteriaId": "A853E473-DB79-4605-BEA8-82EAE1481253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170600:*:*:*:*:*:*",
              "matchCriteriaId": "5A466A9F-DE75-45F0-9EC5-BAE651E5E491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170700:*:*:*:*:*:*",
              "matchCriteriaId": "F9085451-8E09-43C4-9A59-2F46DE8FDCB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170800:*:*:*:*:*:*",
              "matchCriteriaId": "0D1BA6B5-E27A-451F-8ABB-7C5C2066FBC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170900:*:*:*:*:*:*",
              "matchCriteriaId": "FDEDFF09-0539-4833-9568-8AA868506219",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zohocorp ManageEngine Applications Manager versions\u00a0170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature."
    },
    {
      "lang": "es",
      "value": " Zohocorp ManageEngine Applications Manager versiones 170900 e inferiores son vulnerables a la inyecci\u00f3n SQL autenticada solo para administradores en la funci\u00f3n Create Monitor."
    }
  ],
  "id": "CVE-2024-5678",
  "lastModified": "2024-08-15T18:05:54.847",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.4,
        "source": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-01T07:15:03.053",
  "references": [
    {
      "source": "0fc0942c-577d-436f-ae8e-945763c79b02",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-5678.html"
    }
  ],
  "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "0fc0942c-577d-436f-ae8e-945763c79b02",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-01 19:15
Modified
2024-11-21 05:05
Severity ?
Summary
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to an unauthenticated SQL injection attack.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25A81A-07FE-48D9-BF2E-AA0A0FE10988",
              "versionEndExcluding": "14.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "D6487B15-0328-4FF9-9F62-01DAFCEABE1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14680:*:*:*:*:*:*",
              "matchCriteriaId": "B84D295A-7F52-4EE5-8ECD-9D707280C3B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14681:*:*:*:*:*:*",
              "matchCriteriaId": "9806D9E3-DB63-487F-9BF6-AFFA1A44099C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14682:*:*:*:*:*:*",
              "matchCriteriaId": "88D84E0D-6264-4061-84AF-273FDE32C8DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14683:*:*:*:*:*:*",
              "matchCriteriaId": "FE57EE9F-FE48-41BC-9A41-8F5BEF8A7632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14690:*:*:*:*:*:*",
              "matchCriteriaId": "5B8D9DF8-0891-4858-B507-021B8EE1A624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "02D3178E-6D94-48D0-8498-343C432A5143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700:*:*:*:*:*:*",
              "matchCriteriaId": "42F0DD71-04A1-4062-A814-D8BC08EFE365",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710:*:*:*:*:*:*",
              "matchCriteriaId": "CA484ACB-FD16-488E-8240-14FB46E3029B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720:*:*:*:*:*:*",
              "matchCriteriaId": "785AE7B0-82AC-405F-B5A8-33EDDE17BEAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730:*:*:*:*:*:*",
              "matchCriteriaId": "72AC8303-D2E5-4FEC-B6F3-4F3B4F299D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740:*:*:*:*:*:*",
              "matchCriteriaId": "660D358A-9AE5-4369-B8D9-054F836EE9FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack."
    },
    {
      "lang": "es",
      "value": "En Zoho ManageEngine Application Manager versi\u00f3n 14.7 Build 14730 (versiones anteriores a 14684, y entre 14689 y 14750), el m\u00f3dulo AlarmEscalation es vulnerable a un ataque de inyecci\u00f3n SQL no autenticado"
    }
  ],
  "id": "CVE-2020-15533",
  "lastModified": "2024-11-21T05:05:42.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-01T19:15:12.893",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-13 17:15
Modified
2024-11-21 04:35
Summary
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to obtain license-related information via the WieldFeedServlet servlet.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FD27BF-36C5-40A5-B5C3-C31808322BB5",
              "versionEndExcluding": "14.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "316E7CC7-7E2F-4C21-8897-6184672FAFB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14500:*:*:*:*:*:*",
              "matchCriteriaId": "00B5B1A9-0B70-49F6-A372-5D2C8FC954E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14510:*:*:*:*:*:*",
              "matchCriteriaId": "538B8DC0-3F93-41CA-8E7A-6F7DCD39B374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14520:*:*:*:*:*:*",
              "matchCriteriaId": "B31B772F-6E3E-4F15-B535-B278584B1DE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14530:*:*:*:*:*:*",
              "matchCriteriaId": "1A39AA63-F9AC-4814-869F-FDE3F7D421D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14540:*:*:*:*:*:*",
              "matchCriteriaId": "ED7D4D00-98DA-4D7F-B575-6C7841C3A018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14560:*:*:*:*:*:*",
              "matchCriteriaId": "4B59C0DF-CECF-458C-B944-5BDFBA841D2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14570:*:*:*:*:*:*",
              "matchCriteriaId": "D5CA9BF9-DC6A-4F8A-AD14-B8006B254EDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14580:*:*:*:*:*:*",
              "matchCriteriaId": "4B969072-4A13-450E-B7DD-95D910AB42E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14590:*:*:*:*:*:*",
              "matchCriteriaId": "874F235C-7A32-4B1F-B651-50DAD28F70D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license-related information via the WieldFeedServlet servlet."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager anterior a la versi\u00f3n 14600 permite que un atacante remoto no autenticado revele informaci\u00f3n relacionada con la licencia a trav\u00e9s del servlet WieldFeedServlet."
    }
  ],
  "id": "CVE-2019-19799",
  "lastModified": "2024-11-21T04:35:24.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-13T17:15:11.627",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/eLeN3Re/cve-2019-19799"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19799.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/eLeN3Re/cve-2019-19799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19799.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-10 18:15
Modified
2024-11-21 05:23
Summary
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
Impacted products
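Vendor Product Version (build qualifiers are not shown in this table, so repeated rows are distinct builds of the same version; the exact build for each row is in the cpeMatch criteria of the JSON record below)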
zohocorp manageengine_applications_manager 11.0
zohocorp manageengine_applications_manager 11.0
zohocorp manageengine_applications_manager 11.0
zohocorp manageengine_applications_manager 11.0
zohocorp manageengine_applications_manager 11.0
zohocorp manageengine_applications_manager 11.1
zohocorp manageengine_applications_manager 11.2
zohocorp manageengine_applications_manager 11.2
zohocorp manageengine_applications_manager 11.2
zohocorp manageengine_applications_manager 11.3
zohocorp manageengine_applications_manager 11.4
zohocorp manageengine_applications_manager 11.5
zohocorp manageengine_applications_manager 11.6
zohocorp manageengine_applications_manager 11.7
zohocorp manageengine_applications_manager 11.8
zohocorp manageengine_applications_manager 11.9
zohocorp manageengine_applications_manager 11.9
zohocorp manageengine_applications_manager 12.0
zohocorp manageengine_applications_manager 12.0
zohocorp manageengine_applications_manager 12.0
zohocorp manageengine_applications_manager 12.1
zohocorp manageengine_applications_manager 12.1
zohocorp manageengine_applications_manager 12.2
zohocorp manageengine_applications_manager 12.2
zohocorp manageengine_applications_manager 12.3
zohocorp manageengine_applications_manager 12.5
zohocorp manageengine_applications_manager 12.6
zohocorp manageengine_applications_manager 12.7
zohocorp manageengine_applications_manager 12.7
zohocorp manageengine_applications_manager 12.8
zohocorp manageengine_applications_manager 12.9
zohocorp manageengine_applications_manager 13.0
zohocorp manageengine_applications_manager 13.1
zohocorp manageengine_applications_manager 13.2
zohocorp manageengine_applications_manager 13.2
zohocorp manageengine_applications_manager 13.3
zohocorp manageengine_applications_manager 13.4
zohocorp manageengine_applications_manager 13.4
zohocorp manageengine_applications_manager 13.4
zohocorp manageengine_applications_manager 13.4
zohocorp manageengine_applications_manager 13.4
zohocorp manageengine_applications_manager 13.4
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.5
zohocorp manageengine_applications_manager 13.6
zohocorp manageengine_applications_manager 13.6
zohocorp manageengine_applications_manager 13.6
zohocorp manageengine_applications_manager 13.6
zohocorp manageengine_applications_manager 13.6
zohocorp manageengine_applications_manager 13.6
zohocorp manageengine_applications_manager 13.6
zohocorp manageengine_applications_manager 13.6
zohocorp manageengine_applications_manager 13.6
zohocorp manageengine_applications_manager 13.6
zohocorp manageengine_applications_manager 13.7
zohocorp manageengine_applications_manager 13.7
zohocorp manageengine_applications_manager 13.7
zohocorp manageengine_applications_manager 13.7
zohocorp manageengine_applications_manager 13.7
zohocorp manageengine_applications_manager 13.7
zohocorp manageengine_applications_manager 13.7
zohocorp manageengine_applications_manager 13.7
zohocorp manageengine_applications_manager 13.7
zohocorp manageengine_applications_manager 13.7
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.8
zohocorp manageengine_applications_manager 13.9
zohocorp manageengine_applications_manager 13.9
zohocorp manageengine_applications_manager 13.9
zohocorp manageengine_applications_manager 13.9
zohocorp manageengine_applications_manager 13.9
zohocorp manageengine_applications_manager 13.9
zohocorp manageengine_applications_manager 13.9
zohocorp manageengine_applications_manager 13.9
zohocorp manageengine_applications_manager 13.9
zohocorp manageengine_applications_manager 13.9
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.1
zohocorp manageengine_applications_manager 14.1
zohocorp manageengine_applications_manager 14.1
zohocorp manageengine_applications_manager 14.1
zohocorp manageengine_applications_manager 14.1
zohocorp manageengine_applications_manager 14.1
zohocorp manageengine_applications_manager 14.1
zohocorp manageengine_applications_manager 14.1
zohocorp manageengine_applications_manager 14.1
zohocorp manageengine_applications_manager 14.1
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.2
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.3
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.4
zohocorp manageengine_applications_manager 14.5
zohocorp manageengine_applications_manager 14.5
zohocorp manageengine_applications_manager 14.5
zohocorp manageengine_applications_manager 14.5
zohocorp manageengine_applications_manager 14.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11010:*:*:*:*:*:*",
              "matchCriteriaId": "A02C9186-B520-4F35-B45C-DC41C2A1A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11020:*:*:*:*:*:*",
              "matchCriteriaId": "B6B96F45-F0FF-43B1-AB61-9786F3715A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11030:*:*:*:*:*:*",
              "matchCriteriaId": "7382D162-2DF5-48E4-A003-9664B1061393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11040:*:*:*:*:*:*",
              "matchCriteriaId": "572DF249-439B-41B2-99C2-DCC414C84D1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11100:*:*:*:*:*:*",
              "matchCriteriaId": "8D73C24C-FE82-4D62-9A4E-5585FD380D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.1:build11110:*:*:*:*:*:*",
              "matchCriteriaId": "6057D644-AF82-41AD-B5F7-4871187BD47D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2:build11200:*:*:*:*:*:*",
              "matchCriteriaId": "1A61E4BB-0336-49E4-8F6F-F36473C8AD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2:build11210:*:*:*:*:*:*",
              "matchCriteriaId": "2A124333-9099-47C7-8268-28FC94F307FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2:build11220:*:*:*:*:*:*",
              "matchCriteriaId": "38106D43-D185-4BEA-A6E4-C5DE1E38CE0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.3:build11300:*:*:*:*:*:*",
              "matchCriteriaId": "A9BC0CAD-2956-4EE9-8F25-365F15C0A947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.4:build11410:*:*:*:*:*:*",
              "matchCriteriaId": "5855D8DE-9E4E-49DF-ACC4-D57CC367A710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.5:build11520:*:*:*:*:*:*",
              "matchCriteriaId": "420B0582-5152-47F4-A7DA-D8E8BD55168D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.6:build11610:*:*:*:*:*:*",
              "matchCriteriaId": "D562A1CF-31D1-4C12-B306-E9D3659E6354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.7:build11700:*:*:*:*:*:*",
              "matchCriteriaId": "F7F75C4B-E4AC-4194-B3D9-FA7E7B25C908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.8:build11800:*:*:*:*:*:*",
              "matchCriteriaId": "B75F16D5-ADFC-483B-B3DF-0D740E5ADFED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.9:build11900:*:*:*:*:*:*",
              "matchCriteriaId": "D781107A-E42F-4078-BD0C-0A2EEC0040D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.9:build11912:*:*:*:*:*:*",
              "matchCriteriaId": "09062DCF-0672-44F2-AE35-C4098619218E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:build12000:*:*:*:*:*:*",
              "matchCriteriaId": "E415DD31-1097-459D-A6BF-CF5065B22EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:build12010:*:*:*:*:*:*",
              "matchCriteriaId": "9620E7A2-64A5-4549-B33B-47518C32F05F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:build12020:*:*:*:*:*:*",
              "matchCriteriaId": "9C4972CF-D4A5-4C7F-8F58-AE5519FDE3C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.1:build12100:*:*:*:*:*:*",
              "matchCriteriaId": "F3AC47FD-657A-449B-ADA6-6E6E2B9D58B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.1:build12120:*:*:*:*:*:*",
              "matchCriteriaId": "0D0FD885-A5B5-4A57-87CF-FCC57BCFB47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.2:build12200:*:*:*:*:*:*",
              "matchCriteriaId": "A18E7CD5-1B21-4544-BFB1-61E30DC08C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.2:build12210:*:*:*:*:*:*",
              "matchCriteriaId": "7F83E0B6-B266-481A-AB29-E8BCC210208F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.3:build12300:*:*:*:*:*:*",
              "matchCriteriaId": "4057A1AB-D3D3-43F4-8343-A51141365C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.5:build12500:*:*:*:*:*:*",
              "matchCriteriaId": "50BC96D5-F81D-4FEF-A68B-AE2D7C81CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.6:build12600:*:*:*:*:*:*",
              "matchCriteriaId": "08765095-9D6F-43E5-A6DD-6480F05F6214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.7:build12700:*:*:*:*:*:*",
              "matchCriteriaId": "2A6D2A1E-F1A5-4023-BC62-D6B4869A853C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.7:build12710:*:*:*:*:*:*",
              "matchCriteriaId": "3AAD8C61-E21E-4D7F-A00F-D4C822F848A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.8:build12810:*:*:*:*:*:*",
              "matchCriteriaId": "955DD735-0F43-423A-BF2E-F0BC35544090",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.9:build12900:*:*:*:*:*:*",
              "matchCriteriaId": "67A35E49-45A3-4CE0-A38F-0CE843462138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:build13000:*:*:*:*:*:*",
              "matchCriteriaId": "362131C4-91D5-41F5-AF17-B5A61EA602BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:build13100:*:*:*:*:*:*",
              "matchCriteriaId": "971C349D-5801-4066-B587-22A96689A366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.2:build13200:*:*:*:*:*:*",
              "matchCriteriaId": "E508295E-E422-4509-9E74-64A4097274F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.2:build13210:*:*:*:*:*:*",
              "matchCriteriaId": "865E1CE5-DC1A-4F08-89D9-DC73397E615D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.3:build13300:*:*:*:*:*:*",
              "matchCriteriaId": "4BD18A47-2355-42A0-92FB-4C86120ADEE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13400:*:*:*:*:*:*",
              "matchCriteriaId": "0F601C3D-5594-4D6A-B52B-45D97E3A7F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13410:*:*:*:*:*:*",
              "matchCriteriaId": "E21795EE-37BD-4F99-B277-4F982E1E7FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13420:*:*:*:*:*:*",
              "matchCriteriaId": "FE8855EF-2966-40DE-BAA0-8BB224045517",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13430:*:*:*:*:*:*",
              "matchCriteriaId": "ADE2132E-C11E-4544-939A-0F56191794C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13440:*:*:*:*:*:*",
              "matchCriteriaId": "269BCE1F-5849-406C-9909-1F30DF699502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13450:*:*:*:*:*:*",
              "matchCriteriaId": "3D201826-8808-454A-B6E3-9A087FD6398C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13500:*:*:*:*:*:*",
              "matchCriteriaId": "F3DF1ADD-6773-400F-918B-31E6FDCC18C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13510:*:*:*:*:*:*",
              "matchCriteriaId": "0EAD4FC4-B10C-4A30-815B-9410A953FCE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13520:*:*:*:*:*:*",
              "matchCriteriaId": "278A9FC5-50AF-4CBC-B164-40C876DF86B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13530:*:*:*:*:*:*",
              "matchCriteriaId": "B8E30823-78EA-4FD2-A430-24A637C4E69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13540:*:*:*:*:*:*",
              "matchCriteriaId": "2301E889-785E-4D81-B95B-2DBF16810CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13550:*:*:*:*:*:*",
              "matchCriteriaId": "4BC72D15-E137-4186-867A-45FF9D3E1344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13560:*:*:*:*:*:*",
              "matchCriteriaId": "1D661600-E4BE-4CC4-A519-6E6F3D01865F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13570:*:*:*:*:*:*",
              "matchCriteriaId": "FE8BAE06-1111-40B8-9A90-431423C29DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13580:*:*:*:*:*:*",
              "matchCriteriaId": "84EFA3B6-6EBA-4A72-AEB5-6809D92C9F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13590:*:*:*:*:*:*",
              "matchCriteriaId": "533BA6D5-7FE0-496A-B2CA-F9F2CBA7A8BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13591:*:*:*:*:*:*",
              "matchCriteriaId": "0C97A78A-0C84-4FD8-B7C5-1EFE7D6740F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13600:*:*:*:*:*:*",
              "matchCriteriaId": "6E4455B7-5769-4BDE-9AEB-36F8ED8C4FA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13610:*:*:*:*:*:*",
              "matchCriteriaId": "A698E0F9-C6B1-45E0-AD01-89C1D23A355B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13620:*:*:*:*:*:*",
              "matchCriteriaId": "A91B632B-60F4-4652-B9F3-F8C5A7B886BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13630:*:*:*:*:*:*",
              "matchCriteriaId": "4C63BF25-7403-4810-9B5F-28DC785F5A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13640:*:*:*:*:*:*",
              "matchCriteriaId": "DE8F3986-DB00-42F3-9AE5-E8907308C87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13650:*:*:*:*:*:*",
              "matchCriteriaId": "12843833-BBC3-4781-B811-D2161779A74D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13660:*:*:*:*:*:*",
              "matchCriteriaId": "C22A070B-2706-480B-ACFB-0C46B6C8771F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13670:*:*:*:*:*:*",
              "matchCriteriaId": "982171BD-F304-4D02-A4F2-E67F2274245D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13680:*:*:*:*:*:*",
              "matchCriteriaId": "4963E3E4-1438-4C57-856D-279D71CD270E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13690:*:*:*:*:*:*",
              "matchCriteriaId": "8A374B9B-9B83-478B-9B87-D62D1DA08706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13700:*:*:*:*:*:*",
              "matchCriteriaId": "D7442CF6-9B0F-42D7-8473-F6B4A8A1EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13710:*:*:*:*:*:*",
              "matchCriteriaId": "58CF2A79-9FF3-419F-8DC0-CDCA188EA5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13720:*:*:*:*:*:*",
              "matchCriteriaId": "7DC46166-41CC-4C4D-B0E3-024243B2871E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13730:*:*:*:*:*:*",
              "matchCriteriaId": "C01F6CEC-5FAE-4A85-9C5B-3C981FBF4ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13740:*:*:*:*:*:*",
              "matchCriteriaId": "B8ED84D2-F8E7-4F74-A12D-422559B88A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13750:*:*:*:*:*:*",
              "matchCriteriaId": "0248509E-5C6A-4072-8BCD-873A2DAD19AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13760:*:*:*:*:*:*",
              "matchCriteriaId": "5B5B3F32-8609-42B3-BC4F-3700DD7D045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13770:*:*:*:*:*:*",
              "matchCriteriaId": "4EC42FBE-46B7-4BBD-9BAF-91AEB41F37BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13780:*:*:*:*:*:*",
              "matchCriteriaId": "295E865A-E194-45A9-B646-221A9258EBF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13790:*:*:*:*:*:*",
              "matchCriteriaId": "43015CB0-9E23-4346-9212-C85CFEFC1113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13800:*:*:*:*:*:*",
              "matchCriteriaId": "DF1AEABC-8947-42B0-997B-07BFAD14608A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13810:*:*:*:*:*:*",
              "matchCriteriaId": "B06B4691-1159-4071-A7AB-DD8AF8689E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13820:*:*:*:*:*:*",
              "matchCriteriaId": "9A549210-F965-4592-9A7A-74290DEA8948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13830:*:*:*:*:*:*",
              "matchCriteriaId": "9B57BD11-188A-4BD0-BE28-3422E5D275AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13831:*:*:*:*:*:*",
              "matchCriteriaId": "48466C80-1625-443A-B159-F96350F2680A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13840:*:*:*:*:*:*",
              "matchCriteriaId": "06848B0C-62D0-4BC3-A3E0-4CC54F2B4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13850:*:*:*:*:*:*",
              "matchCriteriaId": "13FA5377-A2F7-4920-BCE1-AEA363743B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13860:*:*:*:*:*:*",
              "matchCriteriaId": "F7148DCE-E517-4D70-8F94-70C779DC2FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13870:*:*:*:*:*:*",
              "matchCriteriaId": "F601DADD-95A4-4649-B6ED-1CD921CB3942",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13880:*:*:*:*:*:*",
              "matchCriteriaId": "36A0FBEE-F8D5-401C-B770-87E1CBFDEF15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13890:*:*:*:*:*:*",
              "matchCriteriaId": "7052654A-A44D-4DC3-BB27-52143B60DC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13900:*:*:*:*:*:*",
              "matchCriteriaId": "5CFB81A3-9818-4910-B330-F7C83CEB6DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13910:*:*:*:*:*:*",
              "matchCriteriaId": "FDB80D0D-02C9-45C0-A721-ECF4574B41BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13920:*:*:*:*:*:*",
              "matchCriteriaId": "9BA9663F-6288-4624-B205-ABF80BD38B98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13930:*:*:*:*:*:*",
              "matchCriteriaId": "DDF74E7D-EE06-4DEE-AE6A-6B9CA414218D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13940:*:*:*:*:*:*",
              "matchCriteriaId": "5200CBF4-14D8-4651-8066-F1CFE201A383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13950:*:*:*:*:*:*",
              "matchCriteriaId": "BC1B9FB4-A595-4F2C-9477-C8A1B9D42128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13960:*:*:*:*:*:*",
              "matchCriteriaId": "53C9B88B-17C0-4CFF-A951-31458C3EDED7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13970:*:*:*:*:*:*",
              "matchCriteriaId": "4A12AC22-D343-493B-8F7C-C97AB6BC0448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13980:*:*:*:*:*:*",
              "matchCriteriaId": "E84C9CA8-DC85-4E4F-A9BA-07F52E06773E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13990:*:*:*:*:*:*",
              "matchCriteriaId": "6A5ECD8F-EFBB-4B14-9DF4-98DE7CC282A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*",
              "matchCriteriaId": "03FAC408-84B1-4B51-A6D9-C1DF77FBAA3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*",
              "matchCriteriaId": "E00321E8-A1DF-49BF-A4E4-237527E7C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*",
              "matchCriteriaId": "58DA013E-26A7-4968-B89B-4B694D683E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*",
              "matchCriteriaId": "8552CA6A-B6B5-42D2-97D0-CA9FA5B9DE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*",
              "matchCriteriaId": "87DEE454-FE44-4312-B9FC-53D671ACA37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*",
              "matchCriteriaId": "1715F2C6-AC0F-4F46-A6C4-3531242274ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*",
              "matchCriteriaId": "583248EC-C732-4902-B14C-5031888BD17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*",
              "matchCriteriaId": "355366B0-4D45-4920-A897-A9A4451C072D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*",
              "matchCriteriaId": "EDB9AADD-A93D-46CC-B5E9-BB841FFC2A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*",
              "matchCriteriaId": "CDC226FE-DBBA-4FB2-A703-82EE12092FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*",
              "matchCriteriaId": "0FC560BE-C297-4348-8739-D014CDEF60CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*",
              "matchCriteriaId": "2B385291-37F7-4B1E-98B9-06E42B07ACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*",
              "matchCriteriaId": "8D647A88-0F0A-4971-9AD1-494AB6D1DFF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14100:*:*:*:*:*:*",
              "matchCriteriaId": "E2198922-6658-490E-AE44-E6DC8F9D72DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14110:*:*:*:*:*:*",
              "matchCriteriaId": "11D70C6F-F7C8-4F03-A606-6402C646CDC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14120:*:*:*:*:*:*",
              "matchCriteriaId": "14A5BC08-3F55-4538-8923-3AFA938CDB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14130:*:*:*:*:*:*",
              "matchCriteriaId": "A830CDFD-607C-4F5D-BE40-C3293E77F933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14140:*:*:*:*:*:*",
              "matchCriteriaId": "8E100EA7-740A-4E1C-826E-E0A2F4550B35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14150:*:*:*:*:*:*",
              "matchCriteriaId": "0AD5F99E-9130-44DE-B5D4-A4FBF9338825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14160:*:*:*:*:*:*",
              "matchCriteriaId": "24383C4F-FACA-48E3-BEED-FDA054D27122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14170:*:*:*:*:*:*",
              "matchCriteriaId": "D773A874-6B9E-4B15-946F-73336FDE5CFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14180:*:*:*:*:*:*",
              "matchCriteriaId": "F0F5181E-3214-48DD-883B-3E26D562F5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14190:*:*:*:*:*:*",
              "matchCriteriaId": "016F465E-678A-4A9A-9493-DFA0BE265374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14200:*:*:*:*:*:*",
              "matchCriteriaId": "03C06718-D9E4-41BF-8B11-139C731570D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14210:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B3732-211D-4D24-8014-5002E3678E5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14220:*:*:*:*:*:*",
              "matchCriteriaId": "A67CF67E-A855-4481-8816-48F10987AD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14230:*:*:*:*:*:*",
              "matchCriteriaId": "87014819-2263-43A8-BB1B-0870631BA6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14240:*:*:*:*:*:*",
              "matchCriteriaId": "9C4FC1F1-3A8F-466E-B963-4FDC43810480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14250:*:*:*:*:*:*",
              "matchCriteriaId": "662A0308-CAFE-4264-AEF2-4794C774F5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14260:*:*:*:*:*:*",
              "matchCriteriaId": "B56121C9-46C5-42E9-8E9B-B90A1B8DC4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14261:*:*:*:*:*:*",
              "matchCriteriaId": "2E0A2274-1B22-4D29-804F-D40F87FE2BE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14262:*:*:*:*:*:*",
              "matchCriteriaId": "39DEB880-DFC0-4811-8010-71C49DB568DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14270:*:*:*:*:*:*",
              "matchCriteriaId": "C420506D-351F-4F71-80E3-0AC308F345AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14280:*:*:*:*:*:*",
              "matchCriteriaId": "742BF87A-1547-4DA1-8255-EABA73032258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14290:*:*:*:*:*:*",
              "matchCriteriaId": "EAA8CFAF-DD50-4CF5-B46C-7651CE9A4BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14300:*:*:*:*:*:*",
              "matchCriteriaId": "DAF1E53B-C9C7-4408-8F91-EDBCF616E437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14310:*:*:*:*:*:*",
              "matchCriteriaId": "1B770809-8C5C-4567-B32A-ED694EEB1537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14330:*:*:*:*:*:*",
              "matchCriteriaId": "BE084129-E743-48CB-B752-5567B814A182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14331:*:*:*:*:*:*",
              "matchCriteriaId": "C6D7408F-E0AC-4038-8D07-9652A8C1E7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14332:*:*:*:*:*:*",
              "matchCriteriaId": "B9A2B86D-B673-4DE9-8450-42E82B4665B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14340:*:*:*:*:*:*",
              "matchCriteriaId": "46F0CDA4-91F0-41FC-9981-D8CA120A5847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14350:*:*:*:*:*:*",
              "matchCriteriaId": "4D0E72F3-5FA7-4D76-880C-48E247BE92A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14360:*:*:*:*:*:*",
              "matchCriteriaId": "5D3C538A-D719-4D2D-B25B-5D8E01C0FF81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14361:*:*:*:*:*:*",
              "matchCriteriaId": "72A1F5AC-7895-4BBD-A339-159BD50519BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14370:*:*:*:*:*:*",
              "matchCriteriaId": "4402B148-B1F6-4A2E-844F-413F8C2DA977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14380:*:*:*:*:*:*",
              "matchCriteriaId": "1CB17533-5A93-4D88-A3F5-9305DDECF284",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14390:*:*:*:*:*:*",
              "matchCriteriaId": "B5ADE260-48CF-4863-8665-99E77D82660C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14400:*:*:*:*:*:*",
              "matchCriteriaId": "A48CBFCA-C822-4AC9-83C9-3828C0C329B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14401:*:*:*:*:*:*",
              "matchCriteriaId": "22211D25-8822-494A-B8AE-9C689AA8B6C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14410:*:*:*:*:*:*",
              "matchCriteriaId": "B4644040-14DB-4AF0-9B14-5DC2141462BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14420:*:*:*:*:*:*",
              "matchCriteriaId": "1A37552E-DD88-4B12-B3AE-A001D7B8C74D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14430:*:*:*:*:*:*",
              "matchCriteriaId": "D0DE1C60-238C-40FE-9BFA-0A7762101776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14440:*:*:*:*:*:*",
              "matchCriteriaId": "EFCAEC83-6C9D-43FD-8BCA-7046DA47ACE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14450:*:*:*:*:*:*",
              "matchCriteriaId": "EA351DF5-CE01-43AC-ACA5-4D16A6950815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14460:*:*:*:*:*:*",
              "matchCriteriaId": "5A3BDB05-8457-4355-8963-D9AAE6DDAD24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14470:*:*:*:*:*:*",
              "matchCriteriaId": "24D53647-4C13-4A8A-9E5D-DD77328E9F00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14480:*:*:*:*:*:*",
              "matchCriteriaId": "C6CAE260-4989-492F-AB77-B58F526EF68A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14490:*:*:*:*:*:*",
              "matchCriteriaId": "C7950E75-2D8D-4F08-B9AF-3C3CB8BD6446",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14500:*:*:*:*:*:*",
              "matchCriteriaId": "00B5B1A9-0B70-49F6-A372-5D2C8FC954E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14510:*:*:*:*:*:*",
              "matchCriteriaId": "538B8DC0-3F93-41CA-8E7A-6F7DCD39B374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14520:*:*:*:*:*:*",
              "matchCriteriaId": "B31B772F-6E3E-4F15-B535-B278584B1DE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14530:*:*:*:*:*:*",
              "matchCriteriaId": "1A39AA63-F9AC-4814-869F-FDE3F7D421D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14540:*:*:*:*:*:*",
              "matchCriteriaId": "ED7D4D00-98DA-4D7F-B575-6C7841C3A018",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el m\u00f3dulo showReports de Zoho ManageEngine Applications Manager versiones anteriores a 14550, permite a atacantes autenticados ejecutar una inyecci\u00f3n SQL por medio de una petici\u00f3n dise\u00f1ada"
    }
  ],
  "id": "CVE-2020-28679",
  "lastModified": "2024-11-21T05:23:07.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-10T18:15:07.890",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-11-03 17:15
Modified
2024-11-21 05:16
Severity 9.8 (CRITICAL, CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Summary
An issue in /showReports.do in Zoho ManageEngine Applications Manager up to 14550 allows attackers to gain escalated privileges via the resourceid parameter.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FD27BF-36C5-40A5-B5C3-C31808322BB5",
              "versionEndExcluding": "14.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "316E7CC7-7E2F-4C21-8897-6184672FAFB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14500:*:*:*:*:*:*",
              "matchCriteriaId": "00B5B1A9-0B70-49F6-A372-5D2C8FC954E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14510:*:*:*:*:*:*",
              "matchCriteriaId": "538B8DC0-3F93-41CA-8E7A-6F7DCD39B374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14520:*:*:*:*:*:*",
              "matchCriteriaId": "B31B772F-6E3E-4F15-B535-B278584B1DE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14530:*:*:*:*:*:*",
              "matchCriteriaId": "1A39AA63-F9AC-4814-869F-FDE3F7D421D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14540:*:*:*:*:*:*",
              "matchCriteriaId": "ED7D4D00-98DA-4D7F-B575-6C7841C3A018",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en el archivo /showReports.do Zoho ManageEngine Applications Manager versiones hasta la 14550, permite a atacantes alcanzar privilegios escalados por medio del par\u00e1metro resourceid"
    }
  ],
  "id": "CVE-2020-24743",
  "lastModified": "2024-11-21T05:16:00.507",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-03T17:15:08.240",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-10 22:15
Modified
2024-11-21 04:34
Summary
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. The integrated PostgreSQL that is built into Applications Manager is prone to attack due to a lack of file permission security. Malicious users who are in the “Authenticated Users” group can modify the PostgreSQL configuration to execute arbitrary commands, escalating their privileges to gain full system-level access and rights over the system.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 14.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:14360:*:*:*:*:*:*",
              "matchCriteriaId": "C24E2AA5-88D3-41E1-8D9F-05EFD6A8CBA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in \u201cAuthenticated Users\u201d group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en ManageEngine Applications Manager 14 con Build 14360. El PostgreSQL integrado que est\u00e1 incorporado en el Administrador de aplicaciones es propenso a ataques debido a la falta de seguridad de permisos de archivos. Los usuarios maliciosos que se encuentran en el grupo de \"Usuarios autenticados\" pueden explotar la escalada de privilegios y modificar la configuraci\u00f3n de PostgreSQL para ejecutar comandos arbitrarios para escalar y obtener acceso y derechos de usuario de privilegios completos del sistema."
    }
  ],
  "id": "CVE-2019-19475",
  "lastModified": "2024-11-21T04:34:48.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-10T22:15:11.817",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-08-08 00:29
Modified
2024-11-21 03:50
Summary
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FB7583-06FC-4860-A524-0536A9B5379D",
              "versionEndExcluding": "13.13820",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en Zoho ManageEngine Applications Manager 13 antes de la build 13820 permite a atacantes remotos inyectar scripts web o HTML arbitrarios mediante el par\u00e1metro \"method\" en /deleteMO.do."
    }
  ],
  "id": "CVE-2018-15169",
  "lastModified": "2024-11-21T03:50:27.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-08T00:29:01.520",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/x-f1v3/ForCve/issues/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/x-f1v3/ForCve/issues/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-16 17:29
Modified
2024-11-21 03:17
Severity 9.8 (Critical, CVSS 3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Summary
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager 13 permite inyecci\u00f3n SQL mediante el par\u00e1metro groupname en /manageConfMons.do."
    }
  ],
  "id": "CVE-2017-16848",
  "lastModified": "2024-11-21T03:17:05.520",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T17:29:00.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-23 16:29
Modified
2024-11-21 03:08
Summary
In Zoho ManageEngine Applications Manager 13.1 Build 13100, the administrative user has the ability to upload files or binaries that are executed when an alarm occurs. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system. Note that the record's CVSS 3.0 vector lists PR:N with UI:R, whereas the description attributes the upload capability to the administrative user.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.1 (build 13100)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:13100:*:*:*:*:*:*",
              "matchCriteriaId": "0ADA2415-EC81-4764-9649-010776AF62CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system."
    },
    {
      "lang": "es",
      "value": "En Zoho ManageEngine Application Manager 13.1 Build 13100, el usuario administrativo tiene la capacidad para cargar archivos binarios que pueden ejecutarse cuando ocurre una alarma. Un atacante puede abusar de esta funcionalidad cargando un script malicioso que puede ser ejecutado en el sistema remoto."
    }
  ],
  "id": "CVE-2017-11740",
  "lastModified": "2024-11-21T03:08:24.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-23T16:29:08.293",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://application.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://application.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-16 17:29
Modified
2024-11-21 03:17
Severity 9.8 (Critical, CVSS 3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Summary
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyecci\u00f3n SQL mediante el par\u00e1metro resourceid en /showresource.do en una acci\u00f3n getResourceProfiles."
    }
  ],
  "id": "CVE-2017-16850",
  "lastModified": "2024-11-21T03:17:05.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T17:29:00.373",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16850.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16850.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-01 12:15
Modified
2024-11-21 06:06
Summary
Zoho ManageEngine Applications Manager before build 15130 is vulnerable to stored XSS when malicious user details (e.g., a crafted user name) are imported from Active Directory (AD).



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74D7167-A22D-4BA1-9B85-B213BC1278B8",
              "versionEndExcluding": "15.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "BB21FEB1-D55B-4BB9-85A6-D21D6650BAC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.1:15100:*:*:*:*:*:*",
              "matchCriteriaId": "12DB7C50-99E5-42FC-84BB-3BCE9F96CAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.1:15110:*:*:*:*:*:*",
              "matchCriteriaId": "FCAF2C81-2513-42A8-9683-3A81E7BA9D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.1:15120:*:*:*:*:*:*",
              "matchCriteriaId": "4AB1A6B0-832A-43E5-8B3F-B353C5503754",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager versiones anteriores a 15130, es vulnerable a un ataque de tipo XSS Almacenado al importar detalles de usuarios maliciosos (por ejemplo, un nombre de usuario dise\u00f1ado) desde AD"
    }
  ],
  "id": "CVE-2021-31813",
  "lastModified": "2024-11-21T06:06:16.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-01T12:15:07.593",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://raxis.com/blog/cve-2021-31813"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://raxis.com/blog/cve-2021-31813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-23 18:29
Modified
2024-11-21 03:08
Summary
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 12.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACC75B6D-A432-46BE-AFD7-2D4B7E4EC82C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company\u0027s network environment via a userconfiguration.do?method=editUser request."
    },
    {
      "lang": "es",
      "value": "Fue encontrado un problema en ZOHO ManageEngine Applications Manager versi\u00f3n 12.3. Es posible que un usuario no autenticado vea la lista de nombres de dominio y nombres de usuario utilizados en el entorno de red de una empresa por medio de una solicitud userconfiguration.do?method=editUser."
    }
  ],
  "id": "CVE-2017-11557",
  "lastModified": "2024-11-21T03:08:00.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-23T18:29:00.450",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://applications.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "http://applications.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18738"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-13 20:29
Modified
2024-11-21 03:01
Summary
In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including their own group, e.g. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another user, e.g. change another user's password. Note that the record's CVSS 2.0 vector (C:P/I:N/A:N, base score 4.0) carries no integrity impact, while its CVSS 3.0 vector scores the issue 8.8 (High).
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "627D0D5D-1B83-4480-BE43-5D1F1D95F563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like \"ADMIN\". A user is also able to change properties of another user, e.g. change another user\u0027s password."
    },
    {
      "lang": "es",
      "value": "En ManageEngine Applications Manager 12 y 13, antes de la build 13200, un usuario autenticado puede alterar todas sus propiedades, incluyendo su propio grupo; p. ej., cambiando su grupo a otro con mayores privilegios como \"ADMIN\". Un usuario tambi\u00e9n puede cambiar las propiedades de otro usuario, p. ej., cambiando la contrase\u00f1a de otro usuario."
    }
  ],
  "id": "CVE-2016-9489",
  "lastModified": "2024-11-21T03:01:18.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-13T20:29:01.550",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9489.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/97394/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9489.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/97394/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        },
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-29 17:15
Modified
2024-11-21 05:22
Severity ?
Summary
SQL injection in Zoho ManageEngine Applications Manager 14 before build 14560 allows an attacker to execute commands on the server via the template_resid parameter of MyPage.do.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "59E9390D-5DEB-4D0B-B304-84023A1AE9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*",
              "matchCriteriaId": "03FAC408-84B1-4B51-A6D9-C1DF77FBAA3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*",
              "matchCriteriaId": "E00321E8-A1DF-49BF-A4E4-237527E7C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*",
              "matchCriteriaId": "58DA013E-26A7-4968-B89B-4B694D683E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*",
              "matchCriteriaId": "8552CA6A-B6B5-42D2-97D0-CA9FA5B9DE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*",
              "matchCriteriaId": "87DEE454-FE44-4312-B9FC-53D671ACA37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*",
              "matchCriteriaId": "1715F2C6-AC0F-4F46-A6C4-3531242274ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*",
              "matchCriteriaId": "583248EC-C732-4902-B14C-5031888BD17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*",
              "matchCriteriaId": "355366B0-4D45-4920-A897-A9A4451C072D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*",
              "matchCriteriaId": "EDB9AADD-A93D-46CC-B5E9-BB841FFC2A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*",
              "matchCriteriaId": "CDC226FE-DBBA-4FB2-A703-82EE12092FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*",
              "matchCriteriaId": "0FC560BE-C297-4348-8739-D014CDEF60CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*",
              "matchCriteriaId": "2B385291-37F7-4B1E-98B9-06E42B07ACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*",
              "matchCriteriaId": "8D647A88-0F0A-4971-9AD1-494AB6D1DFF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14100:*:*:*:*:*:*",
              "matchCriteriaId": "7D25C680-75B3-4285-9DE1-61755DC6CA2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14110:*:*:*:*:*:*",
              "matchCriteriaId": "50453E27-2E38-4101-9CF4-48DB99C69842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14120:*:*:*:*:*:*",
              "matchCriteriaId": "9D369493-65F3-4655-8049-0CFCEDADE050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14130:*:*:*:*:*:*",
              "matchCriteriaId": "F1F20F68-25EA-46A2-9B5E-6422A6CBF921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14140:*:*:*:*:*:*",
              "matchCriteriaId": "41A93890-6484-48A0-863F-EDDAE3E73940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14150:*:*:*:*:*:*",
              "matchCriteriaId": "905119AD-C900-4A95-827B-C9BD2A3A38F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14160:*:*:*:*:*:*",
              "matchCriteriaId": "EA55C91C-74B2-4A92-99C3-C30EC29B9CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14170:*:*:*:*:*:*",
              "matchCriteriaId": "B1FE4E15-0A4C-4E5A-BE7D-ECB83965164E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14180:*:*:*:*:*:*",
              "matchCriteriaId": "E1322B34-8A8B-4796-8574-8A09AF93889F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14190:*:*:*:*:*:*",
              "matchCriteriaId": "3C8724F9-C33B-4BD7-8BED-919D211BF35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14200:*:*:*:*:*:*",
              "matchCriteriaId": "EA9199F6-6649-44D4-9A26-C9020A85963D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14210:*:*:*:*:*:*",
              "matchCriteriaId": "92E0BD76-9B86-4268-BC23-65B826AD489A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14220:*:*:*:*:*:*",
              "matchCriteriaId": "67C94A6A-8D0E-4EFB-93B5-5DC2A28B25DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14230:*:*:*:*:*:*",
              "matchCriteriaId": "C6A3DCE6-328B-453C-97B2-8FA70F113CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14240:*:*:*:*:*:*",
              "matchCriteriaId": "29B3D159-1C80-43E6-B630-F373C8F41A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14250:*:*:*:*:*:*",
              "matchCriteriaId": "D8EDAA3F-EE45-4888-BA4A-E36F8FD879BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14260:*:*:*:*:*:*",
              "matchCriteriaId": "D603BCB2-7A39-4CD3-AE1E-9244DD9D5A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14261:*:*:*:*:*:*",
              "matchCriteriaId": "EC3AD941-D31B-4760-B9D2-7930E121D2AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14262:*:*:*:*:*:*",
              "matchCriteriaId": "A70646ED-342F-47BD-85D7-D43B79BD50EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14270:*:*:*:*:*:*",
              "matchCriteriaId": "423396CC-1B12-4449-B000-C3C554E9800D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14280:*:*:*:*:*:*",
              "matchCriteriaId": "5909613D-013F-4C3B-8204-6BB7A9968A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14290:*:*:*:*:*:*",
              "matchCriteriaId": "3423D181-FCA3-4818-8459-4073E73FDEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14300:*:*:*:*:*:*",
              "matchCriteriaId": "4FBED0C7-7B28-4AE7-B4B0-EB71F2CB860F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14310:*:*:*:*:*:*",
              "matchCriteriaId": "195ABF09-6D57-4DCF-B8A6-72AC24A8B29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14330:*:*:*:*:*:*",
              "matchCriteriaId": "AC95E820-FBF3-4CB9-A54C-24198D21197E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14331:*:*:*:*:*:*",
              "matchCriteriaId": "F182989C-7BF6-4DAD-8011-813FDF182251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14332:*:*:*:*:*:*",
              "matchCriteriaId": "66CD9609-884A-4B9D-A6D2-D23132FE8CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14340:*:*:*:*:*:*",
              "matchCriteriaId": "CD7CD16C-B70A-47E1-8DF7-FCCE1316644F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14350:*:*:*:*:*:*",
              "matchCriteriaId": "A7581669-97A3-4611-9779-58EF74B50A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14360:*:*:*:*:*:*",
              "matchCriteriaId": "849D811F-9DB7-4E23-8539-0F1CB0981918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14361:*:*:*:*:*:*",
              "matchCriteriaId": "2C439233-2403-40A7-9D87-63C8FD2AE60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14370:*:*:*:*:*:*",
              "matchCriteriaId": "9853B707-4B58-4787-9779-76523365C774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14380:*:*:*:*:*:*",
              "matchCriteriaId": "516685FD-8707-4588-9C1C-CD5EF65B0F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14390:*:*:*:*:*:*",
              "matchCriteriaId": "AC9198C7-A062-4F33-8B17-2521193FEBCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14400:*:*:*:*:*:*",
              "matchCriteriaId": "728DDA8D-A0E2-4086-B4B9-E5BD698D1BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14401:*:*:*:*:*:*",
              "matchCriteriaId": "91DA2DFA-1739-4DA7-8814-A99BA30497A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14410:*:*:*:*:*:*",
              "matchCriteriaId": "0EA1F760-7F12-40CE-A0C9-AE03B2D17949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14420:*:*:*:*:*:*",
              "matchCriteriaId": "CCDCB80D-385C-4CFD-B833-96C525BEF2A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14430:*:*:*:*:*:*",
              "matchCriteriaId": "B7CD6E6C-1C54-4807-9646-376D53D0FE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14440:*:*:*:*:*:*",
              "matchCriteriaId": "A9B45558-77F8-41A8-84EA-B9D902A044DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14450:*:*:*:*:*:*",
              "matchCriteriaId": "AC2A1D9B-C55A-401F-B6F4-AEFB36D7732E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14460:*:*:*:*:*:*",
              "matchCriteriaId": "BAAA8B67-C6BF-4517-8867-A4FF16C9F223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14470:*:*:*:*:*:*",
              "matchCriteriaId": "D3A28637-0557-4720-A71B-371AA9CEE002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14480:*:*:*:*:*:*",
              "matchCriteriaId": "5AEA57E7-7CD2-4A1E-9CFD-B89FACFFED78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14490:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF500-6C40-41F5-8B95-43F71D74DF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14500:*:*:*:*:*:*",
              "matchCriteriaId": "9B7C7BED-ACF8-4001-93F8-4DCFB452370E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14510:*:*:*:*:*:*",
              "matchCriteriaId": "DB52F791-A91E-41C6-811E-E74A19887491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14520:*:*:*:*:*:*",
              "matchCriteriaId": "82944FCA-6C44-4253-B9C1-47E5C77A8553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14530:*:*:*:*:*:*",
              "matchCriteriaId": "811B9D86-B63C-43A0-A671-A1F22BFFFA50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14531:*:*:*:*:*:*",
              "matchCriteriaId": "538B5DDE-5088-492C-B8F6-3AA5901694EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14532:*:*:*:*:*:*",
              "matchCriteriaId": "9D2A4D1F-F59B-4A52-87D6-5EE3B40FB79C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14533:*:*:*:*:*:*",
              "matchCriteriaId": "5F61A9B5-58A1-43F5-BB35-66A6F92DC423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14540:*:*:*:*:*:*",
              "matchCriteriaId": "CCAAA0B3-7A12-410A-8B9D-69840E8165D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14550:*:*:*:*:*:*",
              "matchCriteriaId": "1FCDD28C-6C07-4EA5-82EB-B0B34950E9FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter."
    },
    {
      "lang": "es",
      "value": "Una inyecci\u00f3n SQL en Zoho ManageEngine Applications Manager 14 versiones anteriores a 14560, permite a un atacante ejecutar comandos en el servidor por medio del par\u00e1metro  template_resid del archivo MyPage.do"
    }
  ],
  "id": "CVE-2020-27995",
  "lastModified": "2024-11-21T05:22:10.213",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-29T17:15:12.963",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14560"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-19 16:15
Modified
2024-11-21 05:21
Summary
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
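Impacted products (the Version column shows only 14.0 for every row; the specific builds are given in the CPE criteria strings of the JSON record below)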
Vendor Product Version
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0
zohocorp manageengine_applications_manager 14.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "59E9390D-5DEB-4D0B-B304-84023A1AE9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*",
              "matchCriteriaId": "03FAC408-84B1-4B51-A6D9-C1DF77FBAA3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*",
              "matchCriteriaId": "E00321E8-A1DF-49BF-A4E4-237527E7C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*",
              "matchCriteriaId": "58DA013E-26A7-4968-B89B-4B694D683E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*",
              "matchCriteriaId": "8552CA6A-B6B5-42D2-97D0-CA9FA5B9DE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*",
              "matchCriteriaId": "87DEE454-FE44-4312-B9FC-53D671ACA37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*",
              "matchCriteriaId": "1715F2C6-AC0F-4F46-A6C4-3531242274ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*",
              "matchCriteriaId": "583248EC-C732-4902-B14C-5031888BD17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*",
              "matchCriteriaId": "355366B0-4D45-4920-A897-A9A4451C072D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*",
              "matchCriteriaId": "EDB9AADD-A93D-46CC-B5E9-BB841FFC2A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*",
              "matchCriteriaId": "CDC226FE-DBBA-4FB2-A703-82EE12092FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*",
              "matchCriteriaId": "0FC560BE-C297-4348-8739-D014CDEF60CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*",
              "matchCriteriaId": "2B385291-37F7-4B1E-98B9-06E42B07ACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*",
              "matchCriteriaId": "8D647A88-0F0A-4971-9AD1-494AB6D1DFF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14100:*:*:*:*:*:*",
              "matchCriteriaId": "7D25C680-75B3-4285-9DE1-61755DC6CA2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14110:*:*:*:*:*:*",
              "matchCriteriaId": "50453E27-2E38-4101-9CF4-48DB99C69842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14120:*:*:*:*:*:*",
              "matchCriteriaId": "9D369493-65F3-4655-8049-0CFCEDADE050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14130:*:*:*:*:*:*",
              "matchCriteriaId": "F1F20F68-25EA-46A2-9B5E-6422A6CBF921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14140:*:*:*:*:*:*",
              "matchCriteriaId": "41A93890-6484-48A0-863F-EDDAE3E73940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14150:*:*:*:*:*:*",
              "matchCriteriaId": "905119AD-C900-4A95-827B-C9BD2A3A38F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14160:*:*:*:*:*:*",
              "matchCriteriaId": "EA55C91C-74B2-4A92-99C3-C30EC29B9CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14170:*:*:*:*:*:*",
              "matchCriteriaId": "B1FE4E15-0A4C-4E5A-BE7D-ECB83965164E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14180:*:*:*:*:*:*",
              "matchCriteriaId": "E1322B34-8A8B-4796-8574-8A09AF93889F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14190:*:*:*:*:*:*",
              "matchCriteriaId": "3C8724F9-C33B-4BD7-8BED-919D211BF35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14200:*:*:*:*:*:*",
              "matchCriteriaId": "EA9199F6-6649-44D4-9A26-C9020A85963D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14210:*:*:*:*:*:*",
              "matchCriteriaId": "92E0BD76-9B86-4268-BC23-65B826AD489A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14220:*:*:*:*:*:*",
              "matchCriteriaId": "67C94A6A-8D0E-4EFB-93B5-5DC2A28B25DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14230:*:*:*:*:*:*",
              "matchCriteriaId": "C6A3DCE6-328B-453C-97B2-8FA70F113CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14240:*:*:*:*:*:*",
              "matchCriteriaId": "29B3D159-1C80-43E6-B630-F373C8F41A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14250:*:*:*:*:*:*",
              "matchCriteriaId": "D8EDAA3F-EE45-4888-BA4A-E36F8FD879BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14260:*:*:*:*:*:*",
              "matchCriteriaId": "D603BCB2-7A39-4CD3-AE1E-9244DD9D5A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14261:*:*:*:*:*:*",
              "matchCriteriaId": "EC3AD941-D31B-4760-B9D2-7930E121D2AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14262:*:*:*:*:*:*",
              "matchCriteriaId": "A70646ED-342F-47BD-85D7-D43B79BD50EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14270:*:*:*:*:*:*",
              "matchCriteriaId": "423396CC-1B12-4449-B000-C3C554E9800D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14280:*:*:*:*:*:*",
              "matchCriteriaId": "5909613D-013F-4C3B-8204-6BB7A9968A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14290:*:*:*:*:*:*",
              "matchCriteriaId": "3423D181-FCA3-4818-8459-4073E73FDEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14300:*:*:*:*:*:*",
              "matchCriteriaId": "4FBED0C7-7B28-4AE7-B4B0-EB71F2CB860F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14310:*:*:*:*:*:*",
              "matchCriteriaId": "195ABF09-6D57-4DCF-B8A6-72AC24A8B29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14330:*:*:*:*:*:*",
              "matchCriteriaId": "AC95E820-FBF3-4CB9-A54C-24198D21197E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14331:*:*:*:*:*:*",
              "matchCriteriaId": "F182989C-7BF6-4DAD-8011-813FDF182251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14332:*:*:*:*:*:*",
              "matchCriteriaId": "66CD9609-884A-4B9D-A6D2-D23132FE8CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14340:*:*:*:*:*:*",
              "matchCriteriaId": "CD7CD16C-B70A-47E1-8DF7-FCCE1316644F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14350:*:*:*:*:*:*",
              "matchCriteriaId": "A7581669-97A3-4611-9779-58EF74B50A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14360:*:*:*:*:*:*",
              "matchCriteriaId": "849D811F-9DB7-4E23-8539-0F1CB0981918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14361:*:*:*:*:*:*",
              "matchCriteriaId": "2C439233-2403-40A7-9D87-63C8FD2AE60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14370:*:*:*:*:*:*",
              "matchCriteriaId": "9853B707-4B58-4787-9779-76523365C774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14380:*:*:*:*:*:*",
              "matchCriteriaId": "516685FD-8707-4588-9C1C-CD5EF65B0F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14390:*:*:*:*:*:*",
              "matchCriteriaId": "AC9198C7-A062-4F33-8B17-2521193FEBCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14400:*:*:*:*:*:*",
              "matchCriteriaId": "728DDA8D-A0E2-4086-B4B9-E5BD698D1BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14401:*:*:*:*:*:*",
              "matchCriteriaId": "91DA2DFA-1739-4DA7-8814-A99BA30497A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14410:*:*:*:*:*:*",
              "matchCriteriaId": "0EA1F760-7F12-40CE-A0C9-AE03B2D17949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14420:*:*:*:*:*:*",
              "matchCriteriaId": "CCDCB80D-385C-4CFD-B833-96C525BEF2A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14430:*:*:*:*:*:*",
              "matchCriteriaId": "B7CD6E6C-1C54-4807-9646-376D53D0FE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14440:*:*:*:*:*:*",
              "matchCriteriaId": "A9B45558-77F8-41A8-84EA-B9D902A044DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14450:*:*:*:*:*:*",
              "matchCriteriaId": "AC2A1D9B-C55A-401F-B6F4-AEFB36D7732E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14460:*:*:*:*:*:*",
              "matchCriteriaId": "BAAA8B67-C6BF-4517-8867-A4FF16C9F223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14470:*:*:*:*:*:*",
              "matchCriteriaId": "D3A28637-0557-4720-A71B-371AA9CEE002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14480:*:*:*:*:*:*",
              "matchCriteriaId": "5AEA57E7-7CD2-4A1E-9CFD-B89FACFFED78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14490:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF500-6C40-41F5-8B95-43F71D74DF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14500:*:*:*:*:*:*",
              "matchCriteriaId": "9B7C7BED-ACF8-4001-93F8-4DCFB452370E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14510:*:*:*:*:*:*",
              "matchCriteriaId": "DB52F791-A91E-41C6-811E-E74A19887491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14520:*:*:*:*:*:*",
              "matchCriteriaId": "82944FCA-6C44-4253-B9C1-47E5C77A8553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14530:*:*:*:*:*:*",
              "matchCriteriaId": "811B9D86-B63C-43A0-A671-A1F22BFFFA50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14531:*:*:*:*:*:*",
              "matchCriteriaId": "538B5DDE-5088-492C-B8F6-3AA5901694EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14532:*:*:*:*:*:*",
              "matchCriteriaId": "9D2A4D1F-F59B-4A52-87D6-5EE3B40FB79C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14533:*:*:*:*:*:*",
              "matchCriteriaId": "5F61A9B5-58A1-43F5-BB35-66A6F92DC423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14540:*:*:*:*:*:*",
              "matchCriteriaId": "CCAAA0B3-7A12-410A-8B9D-69840E8165D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14550:*:*:*:*:*:*",
              "matchCriteriaId": "1FCDD28C-6C07-4EA5-82EB-B0B34950E9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14560:*:*:*:*:*:*",
              "matchCriteriaId": "B2988A57-57DE-4FA7-B7D0-947E112D3425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14570:*:*:*:*:*:*",
              "matchCriteriaId": "D9DFAB54-8B32-4502-89C7-DDBA04C0D140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14580:*:*:*:*:*:*",
              "matchCriteriaId": "B3D3D6D9-D223-467F-8A42-F0A3FF804915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14590:*:*:*:*:*:*",
              "matchCriteriaId": "8375AB0F-8478-4738-9CB7-06F50CFF3635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14600:*:*:*:*:*:*",
              "matchCriteriaId": "72553828-2E9A-4D00-83D4-B03175D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14610:*:*:*:*:*:*",
              "matchCriteriaId": "A2D6E6A8-8011-4B65-8E32-E6F28B2CF8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14620:*:*:*:*:*:*",
              "matchCriteriaId": "B2023874-33CA-4545-A8A9-24E97EC8C347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14630:*:*:*:*:*:*",
              "matchCriteriaId": "B4239B72-6CC4-42FC-8B1B-DD6D352FF460",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14660:*:*:*:*:*:*",
              "matchCriteriaId": "F9BC2425-4763-4564-A6AA-67CCA369F8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14670:*:*:*:*:*:*",
              "matchCriteriaId": "46210773-F4A4-4A45-B121-925F41F60824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14681:*:*:*:*:*:*",
              "matchCriteriaId": "4CE6B9FB-9EB3-4299-A68A-CB8B526F8EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14682:*:*:*:*:*:*",
              "matchCriteriaId": "AB440A39-D56A-4006-BD5C-841B743206DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14683:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB6627-826F-4533-BBA9-B66363DA6114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14684:*:*:*:*:*:*",
              "matchCriteriaId": "D533490F-0026-48B9-83B1-71ECC9343F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14685:*:*:*:*:*:*",
              "matchCriteriaId": "FED82DD4-A755-4133-878A-B481EBFBCBC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14690:*:*:*:*:*:*",
              "matchCriteriaId": "BCB56836-19C3-468E-B55F-A2A6E791A1CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14700:*:*:*:*:*:*",
              "matchCriteriaId": "076BBC38-865B-458A-9ECF-EE705CA180DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14710:*:*:*:*:*:*",
              "matchCriteriaId": "8D81984A-E164-4E37-9895-29088EA2F1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14720:*:*:*:*:*:*",
              "matchCriteriaId": "09D063AF-7BBF-4E85-A86E-115F3633A805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14730:*:*:*:*:*:*",
              "matchCriteriaId": "3879513B-312B-47DF-9CA9-27E99C52F045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14740:*:*:*:*:*:*",
              "matchCriteriaId": "D1145CD0-E861-47B4-8D7E-7439D89C7162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14750:*:*:*:*:*:*",
              "matchCriteriaId": "E90836AF-E50D-411F-9E1D-20E82B56AB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14760:*:*:*:*:*:*",
              "matchCriteriaId": "1687DCF5-C484-40AC-A215-1147963F7A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14770:*:*:*:*:*:*",
              "matchCriteriaId": "4CE735D8-A58C-4700-815F-6FC5B97BA96B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14780:*:*:*:*:*:*",
              "matchCriteriaId": "B8514EE3-F1C8-460E-9071-06DF7E470D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14781:*:*:*:*:*:*",
              "matchCriteriaId": "44FF8FD2-A290-43F7-8114-91479C54E0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14790:*:*:*:*:*:*",
              "matchCriteriaId": "41098519-1221-4F0F-9163-28C6573369C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14800:*:*:*:*:*:*",
              "matchCriteriaId": "D881FF37-4541-4316-9C80-B229AC9FBA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14811:*:*:*:*:*:*",
              "matchCriteriaId": "09FBABD7-0C29-471B-A46B-1EE06AA03699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14820:*:*:*:*:*:*",
              "matchCriteriaId": "5D540523-2604-4CD7-B164-C86C4A4FE2E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14830:*:*:*:*:*:*",
              "matchCriteriaId": "21CC11B7-A626-441D-A345-EF5772EB17D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14840:*:*:*:*:*:*",
              "matchCriteriaId": "2C7406D2-4A06-4B35-A4FB-6BB3BD2F4C93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14841:*:*:*:*:*:*",
              "matchCriteriaId": "C0AD1588-F87A-4933-A133-309EF0F1C47D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14842:*:*:*:*:*:*",
              "matchCriteriaId": "0953FF40-7427-4384-9ECF-FCFF9EFD139F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14843:*:*:*:*:*:*",
              "matchCriteriaId": "D5404A16-63B0-4A46-A3C7-D9690ACBB79D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14850:*:*:*:*:*:*",
              "matchCriteriaId": "921ADE5B-15F5-408C-B59E-E8156D6A8E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14860:*:*:*:*:*:*",
              "matchCriteriaId": "F32038A0-5D47-4126-BC29-AF1B6A84D58E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14870:*:*:*:*:*:*",
              "matchCriteriaId": "0467FDBD-549D-4132-A62D-8517A187DDCD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager anterior a la versi\u00f3n 14 build 14880, permite una inyecci\u00f3n SQL autenticada por medio de una petici\u00f3n Alarmview dise\u00f1ada"
    }
  ],
  "id": "CVE-2020-27733",
  "lastModified": "2024-11-21T05:21:42.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-19T16:15:12.687",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14880"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-27733.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-27733.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-16 03:15
Modified
2024-11-21 04:28
Summary
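An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. (Note: the description names OpManager, but the CPE configuration and the vendor advisory URL in this record refer to ManageEngine Applications Manager, versions 12.0 through 14.0 inclusive; check both products when matching this CVE against an asset inventory.)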
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager * (versions 12.0 through 14.0, inclusive)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB04F529-E2A2-4D03-A8AD-ADD435F37C97",
              "versionEndIncluding": "14.0",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the \"Execute Program Action(s)\" feature."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Zoho ManageEngine OpManager versiones hasta 12.4x. Se presenta una vulnerabilidad de inyecci\u00f3n SQL en el archivo jsp/NewThresholdConfiguration.jsp por medio del par\u00e1metro resourceid. Por lo tanto, un usuario con poca autoridad puede conseguir la autoridad de SYSTEM en el servidor. En consecuencia, se puede cargar un archivo malicioso utilizando la funcionalidad \"Execute Program Action(s)\"."
    }
  ],
  "id": "CVE-2019-15104",
  "lastModified": "2024-11-21T04:28:03.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-16T03:15:11.170",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Privilege-Escalation-Remote-Command-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/47227"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15104.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Privilege-Escalation-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/47227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15104.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-05 17:29
Modified
2024-11-21 03:16
Severity: CRITICAL (CVSS v3.0 base score 9.8; CVSS v2 base score 7.5, HIGH)
Summary
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager versi\u00f3n 13 anterior a build 13500, permite la inyecci\u00f3n SQL por medio del archivo GraphicalView.do, como es demostrado por un campo creado yCanvas de ViewProps o un par\u00e1metro viewid."
    }
  ],
  "id": "CVE-2017-16543",
  "lastModified": "2024-11-21T03:16:32.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-05T17:29:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43129/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43129/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-16 17:29
Modified
2024-11-21 03:17
Summary
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyecci\u00f3n SQL mediante el par\u00e1metro resourceid en /showresource.do en una acci\u00f3n showPlasmaView."
    }
  ],
  "id": "CVE-2017-16847",
  "lastModified": "2024-11-21T03:17:05.373",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T17:29:00.263",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16847.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16847.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-21 12:15
Modified
2024-11-21 06:12
Summary
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 15.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.2:15200:*:*:*:*:*:*",
              "matchCriteriaId": "4C70F506-8BFF-4B51-862F-946638892332",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema de tipo SSRF en Zoho ManageEngine Applications Manager versi\u00f3n build 15200"
    }
  ],
  "id": "CVE-2021-35512",
  "lastModified": "2024-11-21T06:12:24.713",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-21T12:15:07.937",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.esecforte.com/server-side-request-forgery-india-ssrf-rvd-manage-engine/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.esecforte.com/server-side-request-forgery-india-ssrf-rvd-manage-engine/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-12-11 18:16
Modified
2024-11-21 04:35
Summary
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72FB0868-47E0-43A3-9C15-651CF6746C77",
              "versionEndExcluding": "13.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager versiones anteriores a 13620, permite una inyecci\u00f3n SQL no autenticada remota por medio del par\u00e1metro eventid de SyncEventServlet en la funci\u00f3n doGet del archivo SyncEventServlet.java."
    }
  ],
  "id": "CVE-2019-19649",
  "lastModified": "2024-11-21T04:35:07.877",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-11T18:16:19.677",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/eLeN3Re/CVE-2019-19649"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/eLeN3Re/CVE-2019-19649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-26 21:15
Modified
2025-02-03 18:15
Summary
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A91D5D-BA60-4FAC-92D7-DD477399A552",
              "versionEndExcluding": "16.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16300:*:*:*:*:*:*",
              "matchCriteriaId": "725F03D7-8655-4C2C-8BC8-BD81A657E53C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16310:*:*:*:*:*:*",
              "matchCriteriaId": "716C228E-FEB8-41D3-A290-BA4DB9D51717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16320:*:*:*:*:*:*",
              "matchCriteriaId": "C73EC9D6-B2AD-4E68-B429-EBF9EA2A7618",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16330:*:*:*:*:*:*",
              "matchCriteriaId": "6251408C-2192-44E7-A8D8-92EE97BC3D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16340:*:*:*:*:*:*",
              "matchCriteriaId": "9F50F891-EA20-4DAC-A100-C80FC455FF15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16350:*:*:*:*:*:*",
              "matchCriteriaId": "14969EAF-CDB7-45AE-AAA1-8D7D0C1D04A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16360:*:*:*:*:*:*",
              "matchCriteriaId": "1B69B236-6FB4-4142-BAA3-578283DB225D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16361:*:*:*:*:*:*",
              "matchCriteriaId": "1A68602E-658B-435E-A456-736C8297ABDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16370:*:*:*:*:*:*",
              "matchCriteriaId": "0743D3FA-E17C-4AB4-8821-ECFA8760AA69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16380:*:*:*:*:*:*",
              "matchCriteriaId": "125F2CA8-EB8C-4863-85AB-B8ABB3A0B6BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16390:*:*:*:*:*:*",
              "matchCriteriaId": "65477E77-D8C3-428A-89CB-188E456FFFC4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS."
    }
  ],
  "id": "CVE-2023-29442",
  "lastModified": "2025-02-03T18:15:29.670",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-04-26T21:15:08.890",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-13 20:29
Modified
2024-11-21 03:01
Summary
ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user who is able to access the /register.do page (most likely limited to administrators) to browse the filesystem and read system files, including the Applications Manager configuration, stored private keys, etc. By default, Applications Manager runs with administrative privileges, so every directory on the underlying operating system is accessible.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "627D0D5D-1B83-4480-BE43-5D1F1D95F563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system."
    },
    {
      "lang": "es",
      "value": "ManageEngine Applications Manager 12 y 13 antes de la build 13690 permite que un usuario autenticado que puede acceder a una p\u00e1gina /register.do (muy probablemente limitado a un administrador), navegue por el sistema de archivos y lea los archivos del sistema, incluyendo la configuraci\u00f3n de Applications Manager, las claves privadas almacenadas, etc. Por defecto, Application Manager se ejecuta con privilegios administrativos y, por lo tanto, es posible acceder a todos los directorios del sistema operativo subyacente."
    }
  ],
  "id": "CVE-2016-9491",
  "lastModified": "2024-11-21T03:01:19.140",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-13T20:29:01.613",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9491.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/97394/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9491.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/97394/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-08-08 00:29
Modified
2024-11-21 03:50
Summary
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FB7583-06FC-4860-A524-0536A9B5379D",
              "versionEndExcluding": "13.13820",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en Zoho ManageEngine Applications Manager 13 antes de la build 13820 mediante el par\u00e1metro resids en una petici\u00f3n GET en /editDisplaynames.do?method=editDisplaynames."
    }
  ],
  "id": "CVE-2018-15168",
  "lastModified": "2024-11-21T03:50:26.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-08T00:29:01.397",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/x-f1v3/ForCve/issues/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/x-f1v3/ForCve/issues/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-16 17:29
Modified
2024-11-21 03:17
Summary
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyecci\u00f3n SQL mediante el par\u00e1metro widgetid en /MyPage.do."
    }
  ],
  "id": "CVE-2017-16851",
  "lastModified": "2024-11-21T03:17:05.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T17:29:00.420",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16851.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16851.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-16 17:29
Modified
2024-11-21 03:17
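Severity: 9.8 CRITICAL (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); 7.5 HIGH (CVSS 2.0, AV:N/AC:L/Au:N/C:P/I:P/A:P)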
Summary
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
Impacted products
Vendor Product Version
zohocorp manageengine_applications_manager 13.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyecci\u00f3n SQL mediante el par\u00e1metro haid en /manageApplications.do?method=AddSubGroup."
    }
  ],
  "id": "CVE-2017-16846",
  "lastModified": "2024-11-21T03:17:05.227",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T17:29:00.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-08-10 21:15
Modified
2024-11-21 08:13
Summary
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CE31108-0BCF-439A-A0A4-6A5E3D317A58",
              "versionEndExcluding": "16.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9E7A5CB9-A7B8-4ED0-B7B7-A55C9DEA1031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16500:*:*:*:*:*:*",
              "matchCriteriaId": "4D81950D-33D9-4BBB-A209-13BC2C74C36A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16510:*:*:*:*:*:*",
              "matchCriteriaId": "35F55779-23A6-4C21-8A24-DAD73DFDA728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16511:*:*:*:*:*:*",
              "matchCriteriaId": "836A8F78-C994-4CE9-A7E8-5D69975D18E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16520:*:*:*:*:*:*",
              "matchCriteriaId": "08E9CD04-711B-4062-AE20-00BECCB2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16530:*:*:*:*:*:*",
              "matchCriteriaId": "CCFE6112-8FF3-4E3D-8300-92C54F25B139",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in."
    }
  ],
  "id": "CVE-2023-38333",
  "lastModified": "2024-11-21T08:13:21.157",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-10T21:15:10.307",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-06 17:15
Modified
2024-11-21 04:35
Summary
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.
Impacted products
Vendor Product Version Update (CPE)
zohocorp manageengine_applications_manager 14.0 -
zohocorp manageengine_applications_manager 14.0 build14000
zohocorp manageengine_applications_manager 14.0 build14010
zohocorp manageengine_applications_manager 14.0 build14020
zohocorp manageengine_applications_manager 14.0 build14030
zohocorp manageengine_applications_manager 14.0 build14040
zohocorp manageengine_applications_manager 14.0 build14050
zohocorp manageengine_applications_manager 14.0 build14060
zohocorp manageengine_applications_manager 14.0 build14070
zohocorp manageengine_applications_manager 14.0 build14071
zohocorp manageengine_applications_manager 14.0 build14072
zohocorp manageengine_applications_manager 14.0 build14073
zohocorp manageengine_applications_manager 14.0 build14080
zohocorp manageengine_applications_manager 14.0 build14090
zohocorp manageengine_applications_manager 14.0 build14100
zohocorp manageengine_applications_manager 14.0 build14110
zohocorp manageengine_applications_manager 14.0 build14120
zohocorp manageengine_applications_manager 14.0 build14130
zohocorp manageengine_applications_manager 14.0 build14140
zohocorp manageengine_applications_manager 14.0 build14150
zohocorp manageengine_applications_manager 14.0 build14160
zohocorp manageengine_applications_manager 14.0 build14170
zohocorp manageengine_applications_manager 14.0 build14180
zohocorp manageengine_applications_manager 14.0 build14190
zohocorp manageengine_applications_manager 14.0 build14200
zohocorp manageengine_applications_manager 14.0 build14210
zohocorp manageengine_applications_manager 14.0 build14220
zohocorp manageengine_applications_manager 14.0 build14230
zohocorp manageengine_applications_manager 14.0 build14240
zohocorp manageengine_applications_manager 14.0 build14250
zohocorp manageengine_applications_manager 14.0 build14260
zohocorp manageengine_applications_manager 14.0 build14261
zohocorp manageengine_applications_manager 14.0 build14262
zohocorp manageengine_applications_manager 14.0 build14270
zohocorp manageengine_applications_manager 14.0 build14280
zohocorp manageengine_applications_manager 14.0 build14290
zohocorp manageengine_applications_manager 14.0 build14300
zohocorp manageengine_applications_manager 14.0 build14310
zohocorp manageengine_applications_manager 14.0 build14330
zohocorp manageengine_applications_manager 14.0 build14331
zohocorp manageengine_applications_manager 14.0 build14332
zohocorp manageengine_applications_manager 14.0 build14340
zohocorp manageengine_applications_manager 14.0 build14350
zohocorp manageengine_applications_manager 14.0 build14360
zohocorp manageengine_applications_manager 14.0 build14361
zohocorp manageengine_applications_manager 14.0 build14370
zohocorp manageengine_applications_manager 14.0 build14380
zohocorp manageengine_applications_manager 14.0 build14390
zohocorp manageengine_applications_manager 14.0 build14400
zohocorp manageengine_applications_manager 14.0 build14401
zohocorp manageengine_applications_manager 14.0 build14410
zohocorp manageengine_applications_manager 14.0 build14420
zohocorp manageengine_applications_manager 14.0 build14430
zohocorp manageengine_applications_manager 14.0 build14440
zohocorp manageengine_applications_manager 14.0 build14450
zohocorp manageengine_applications_manager 14.0 build14460
zohocorp manageengine_applications_manager 14.0 build14470
zohocorp manageengine_applications_manager 14.0 build14480
zohocorp manageengine_applications_manager 14.0 build14490
zohocorp manageengine_applications_manager 14.0 build14500
zohocorp manageengine_applications_manager 14.0 build14510



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "59E9390D-5DEB-4D0B-B304-84023A1AE9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*",
              "matchCriteriaId": "03FAC408-84B1-4B51-A6D9-C1DF77FBAA3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*",
              "matchCriteriaId": "E00321E8-A1DF-49BF-A4E4-237527E7C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*",
              "matchCriteriaId": "58DA013E-26A7-4968-B89B-4B694D683E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*",
              "matchCriteriaId": "8552CA6A-B6B5-42D2-97D0-CA9FA5B9DE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*",
              "matchCriteriaId": "87DEE454-FE44-4312-B9FC-53D671ACA37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*",
              "matchCriteriaId": "1715F2C6-AC0F-4F46-A6C4-3531242274ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*",
              "matchCriteriaId": "583248EC-C732-4902-B14C-5031888BD17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*",
              "matchCriteriaId": "355366B0-4D45-4920-A897-A9A4451C072D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*",
              "matchCriteriaId": "EDB9AADD-A93D-46CC-B5E9-BB841FFC2A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*",
              "matchCriteriaId": "CDC226FE-DBBA-4FB2-A703-82EE12092FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*",
              "matchCriteriaId": "0FC560BE-C297-4348-8739-D014CDEF60CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*",
              "matchCriteriaId": "2B385291-37F7-4B1E-98B9-06E42B07ACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*",
              "matchCriteriaId": "8D647A88-0F0A-4971-9AD1-494AB6D1DFF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14100:*:*:*:*:*:*",
              "matchCriteriaId": "7D25C680-75B3-4285-9DE1-61755DC6CA2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14110:*:*:*:*:*:*",
              "matchCriteriaId": "50453E27-2E38-4101-9CF4-48DB99C69842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14120:*:*:*:*:*:*",
              "matchCriteriaId": "9D369493-65F3-4655-8049-0CFCEDADE050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14130:*:*:*:*:*:*",
              "matchCriteriaId": "F1F20F68-25EA-46A2-9B5E-6422A6CBF921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14140:*:*:*:*:*:*",
              "matchCriteriaId": "41A93890-6484-48A0-863F-EDDAE3E73940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14150:*:*:*:*:*:*",
              "matchCriteriaId": "905119AD-C900-4A95-827B-C9BD2A3A38F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14160:*:*:*:*:*:*",
              "matchCriteriaId": "EA55C91C-74B2-4A92-99C3-C30EC29B9CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14170:*:*:*:*:*:*",
              "matchCriteriaId": "B1FE4E15-0A4C-4E5A-BE7D-ECB83965164E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14180:*:*:*:*:*:*",
              "matchCriteriaId": "E1322B34-8A8B-4796-8574-8A09AF93889F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14190:*:*:*:*:*:*",
              "matchCriteriaId": "3C8724F9-C33B-4BD7-8BED-919D211BF35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14200:*:*:*:*:*:*",
              "matchCriteriaId": "EA9199F6-6649-44D4-9A26-C9020A85963D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14210:*:*:*:*:*:*",
              "matchCriteriaId": "92E0BD76-9B86-4268-BC23-65B826AD489A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14220:*:*:*:*:*:*",
              "matchCriteriaId": "67C94A6A-8D0E-4EFB-93B5-5DC2A28B25DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14230:*:*:*:*:*:*",
              "matchCriteriaId": "C6A3DCE6-328B-453C-97B2-8FA70F113CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14240:*:*:*:*:*:*",
              "matchCriteriaId": "29B3D159-1C80-43E6-B630-F373C8F41A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14250:*:*:*:*:*:*",
              "matchCriteriaId": "D8EDAA3F-EE45-4888-BA4A-E36F8FD879BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14260:*:*:*:*:*:*",
              "matchCriteriaId": "D603BCB2-7A39-4CD3-AE1E-9244DD9D5A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14261:*:*:*:*:*:*",
              "matchCriteriaId": "EC3AD941-D31B-4760-B9D2-7930E121D2AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14262:*:*:*:*:*:*",
              "matchCriteriaId": "A70646ED-342F-47BD-85D7-D43B79BD50EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14270:*:*:*:*:*:*",
              "matchCriteriaId": "423396CC-1B12-4449-B000-C3C554E9800D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14280:*:*:*:*:*:*",
              "matchCriteriaId": "5909613D-013F-4C3B-8204-6BB7A9968A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14290:*:*:*:*:*:*",
              "matchCriteriaId": "3423D181-FCA3-4818-8459-4073E73FDEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14300:*:*:*:*:*:*",
              "matchCriteriaId": "4FBED0C7-7B28-4AE7-B4B0-EB71F2CB860F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14310:*:*:*:*:*:*",
              "matchCriteriaId": "195ABF09-6D57-4DCF-B8A6-72AC24A8B29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14330:*:*:*:*:*:*",
              "matchCriteriaId": "AC95E820-FBF3-4CB9-A54C-24198D21197E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14331:*:*:*:*:*:*",
              "matchCriteriaId": "F182989C-7BF6-4DAD-8011-813FDF182251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14332:*:*:*:*:*:*",
              "matchCriteriaId": "66CD9609-884A-4B9D-A6D2-D23132FE8CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14340:*:*:*:*:*:*",
              "matchCriteriaId": "CD7CD16C-B70A-47E1-8DF7-FCCE1316644F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14350:*:*:*:*:*:*",
              "matchCriteriaId": "A7581669-97A3-4611-9779-58EF74B50A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14360:*:*:*:*:*:*",
              "matchCriteriaId": "849D811F-9DB7-4E23-8539-0F1CB0981918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14361:*:*:*:*:*:*",
              "matchCriteriaId": "2C439233-2403-40A7-9D87-63C8FD2AE60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14370:*:*:*:*:*:*",
              "matchCriteriaId": "9853B707-4B58-4787-9779-76523365C774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14380:*:*:*:*:*:*",
              "matchCriteriaId": "516685FD-8707-4588-9C1C-CD5EF65B0F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14390:*:*:*:*:*:*",
              "matchCriteriaId": "AC9198C7-A062-4F33-8B17-2521193FEBCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14400:*:*:*:*:*:*",
              "matchCriteriaId": "728DDA8D-A0E2-4086-B4B9-E5BD698D1BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14401:*:*:*:*:*:*",
              "matchCriteriaId": "91DA2DFA-1739-4DA7-8814-A99BA30497A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14410:*:*:*:*:*:*",
              "matchCriteriaId": "0EA1F760-7F12-40CE-A0C9-AE03B2D17949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14420:*:*:*:*:*:*",
              "matchCriteriaId": "CCDCB80D-385C-4CFD-B833-96C525BEF2A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14430:*:*:*:*:*:*",
              "matchCriteriaId": "B7CD6E6C-1C54-4807-9646-376D53D0FE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14440:*:*:*:*:*:*",
              "matchCriteriaId": "A9B45558-77F8-41A8-84EA-B9D902A044DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14450:*:*:*:*:*:*",
              "matchCriteriaId": "AC2A1D9B-C55A-401F-B6F4-AEFB36D7732E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14460:*:*:*:*:*:*",
              "matchCriteriaId": "BAAA8B67-C6BF-4517-8867-A4FF16C9F223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14470:*:*:*:*:*:*",
              "matchCriteriaId": "D3A28637-0557-4720-A71B-371AA9CEE002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14480:*:*:*:*:*:*",
              "matchCriteriaId": "5AEA57E7-7CD2-4A1E-9CFD-B89FACFFED78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14490:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF500-6C40-41F5-8B95-43F71D74DF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14500:*:*:*:*:*:*",
              "matchCriteriaId": "9B7C7BED-ACF8-4001-93F8-4DCFB452370E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14510:*:*:*:*:*:*",
              "matchCriteriaId": "DB52F791-A91E-41C6-811E-E74A19887491",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine Applications Manager 14 versiones anteriores a 14520, permite a un atacante remoto no autenticado revelar nombres de archivos del Sistema Operativo por medio de FailOverHelperServlet."
    }
  ],
  "id": "CVE-2019-19800",
  "lastModified": "2024-11-21T04:35:24.873",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-06T17:15:13.770",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/eLeN3Re/CVE-2019-19800/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/eLeN3Re/CVE-2019-19800/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-26 21:29
Modified
2024-11-21 03:52
Summary
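A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. Note: the CPE match list for this record also marks 13.7 builds 13750 through 13790 as vulnerable, which is later than the build 13740 boundary stated here; confirm the fixed build with the vendor before relying on either.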



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "7F562B9A-4776-499D-BE37-B2025C974701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13700:*:*:*:*:*:*",
              "matchCriteriaId": "D7442CF6-9B0F-42D7-8473-F6B4A8A1EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13710:*:*:*:*:*:*",
              "matchCriteriaId": "58CF2A79-9FF3-419F-8DC0-CDCA188EA5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13720:*:*:*:*:*:*",
              "matchCriteriaId": "7DC46166-41CC-4C4D-B0E3-024243B2871E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13730:*:*:*:*:*:*",
              "matchCriteriaId": "C01F6CEC-5FAE-4A85-9C5B-3C981FBF4ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13750:*:*:*:*:*:*",
              "matchCriteriaId": "0248509E-5C6A-4072-8BCD-873A2DAD19AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13760:*:*:*:*:*:*",
              "matchCriteriaId": "5B5B3F32-8609-42B3-BC4F-3700DD7D045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13770:*:*:*:*:*:*",
              "matchCriteriaId": "4EC42FBE-46B7-4BBD-9BAF-91AEB41F37BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13780:*:*:*:*:*:*",
              "matchCriteriaId": "295E865A-E194-45A9-B646-221A9258EBF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13790:*:*:*:*:*:*",
              "matchCriteriaId": "43015CB0-9E23-4346-9212-C85CFEFC1113",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de serializaci\u00f3n en Zoho ManageEngine Applications Manager antes de la build 13740 permite la ejecuci\u00f3n remota de c\u00f3digo en Windows mediante una carga \u00fatil en una compartici\u00f3n SMB."
    }
  ],
  "id": "CVE-2018-16364",
  "lastModified": "2024-11-21T03:52:36.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-26T21:29:01.307",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://blog.jamesotten.com/post/applications-manager-rce/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://blog.jamesotten.com/post/applications-manager-rce/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-35512
Vulnerability from cvelistv5
Published
2021-10-21 11:18
Modified
2024-08-04 00:40
Severity ?
Summary
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:46.667Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.esecforte.com/server-side-request-forgery-india-ssrf-rvd-manage-engine/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-21T11:18:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.esecforte.com/server-side-request-forgery-india-ssrf-rvd-manage-engine/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-35512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/release-notes.html",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/"
            },
            {
              "name": "https://www.esecforte.com/server-side-request-forgery-india-ssrf-rvd-manage-engine/",
              "refsource": "MISC",
              "url": "https://www.esecforte.com/server-side-request-forgery-india-ssrf-rvd-manage-engine/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-35512",
    "datePublished": "2021-10-21T11:18:13",
    "dateReserved": "2021-06-26T00:00:00",
    "dateUpdated": "2024-08-04T00:40:46.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19650
Vulnerability from cvelistv5
Published
2019-12-11 17:40
Modified
2024-08-05 02:25
Severity ?
Summary
Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:11.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/eLeN3Re/CVE-2019-19650"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-19T21:21:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/eLeN3Re/CVE-2019-19650"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19650",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/release-notes.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
            },
            {
              "name": "https://gitlab.com/eLeN3Re/CVE-2019-19650",
              "refsource": "MISC",
              "url": "https://gitlab.com/eLeN3Re/CVE-2019-19650"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19650",
    "datePublished": "2019-12-11T17:40:20",
    "dateReserved": "2019-12-09T00:00:00",
    "dateUpdated": "2024-08-05T02:25:11.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-28340
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2025-02-10 20:57
Summary
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:24.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://manageengine.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-28340",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T20:57:18.621413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-611",
                "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T20:57:23.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://manageengine.com"
        },
        {
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-28340",
    "datePublished": "2023-04-11T00:00:00.000Z",
    "dateReserved": "2023-03-14T00:00:00.000Z",
    "dateUpdated": "2025-02-10T20:57:23.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28679
Vulnerability from cvelistv5
Published
2022-01-10 17:47
Modified
2024-08-04 16:40
Severity ?
Summary
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.837Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-10T17:47:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28679",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14550",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28679",
    "datePublished": "2022-01-10T17:47:37",
    "dateReserved": "2020-11-16T00:00:00",
    "dateUpdated": "2024-08-04T16:40:59.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-7863
Vulnerability from cvelistv5
Published
2020-02-08 16:57
Modified
2024-08-06 13:03
Severity ?
Summary
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Jan/114"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-08T16:57:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Jan/114"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7863",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html"
            },
            {
              "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt",
              "refsource": "MISC",
              "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt"
            },
            {
              "name": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2015/Jan/114",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2015/Jan/114"
            },
            {
              "name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet",
              "refsource": "MISC",
              "url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7863",
    "datePublished": "2020-02-08T16:57:37",
    "dateReserved": "2014-10-05T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14008
Vulnerability from cvelistv5
Published
2020-09-04 14:14
Modified
2024-08-04 12:32
Severity ?
Summary
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#14730"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/159066/ManageEngine-Applications-Manager-Authenticated-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-04T21:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#14730"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/159066/ManageEngine-Applications-Manager-Authenticated-Remote-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com",
              "refsource": "MISC",
              "url": "https://www.manageengine.com"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#14730",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#14730"
            },
            {
              "name": "http://packetstormsecurity.com/files/159066/ManageEngine-Applications-Manager-Authenticated-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/159066/ManageEngine-Applications-Manager-Authenticated-Remote-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14008",
    "datePublished": "2020-09-04T14:14:15",
    "dateReserved": "2020-06-10T00:00:00",
    "dateUpdated": "2024-08-04T12:32:14.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-13050
Vulnerability from cvelistv5
Published
2018-07-02 11:00
Modified
2024-08-05 08:52
Severity ?
Summary
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:52:49.754Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/x-f1v3/ForCve/issues/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-13050.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/x-f1v3/ForCve/issues/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-13050.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13050",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/x-f1v3/ForCve/issues/1",
              "refsource": "MISC",
              "url": "https://github.com/x-f1v3/ForCve/issues/1"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-13050.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-13050.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-13050",
    "datePublished": "2018-07-02T11:00:00",
    "dateReserved": "2018-07-02T00:00:00",
    "dateUpdated": "2024-08-05T08:52:49.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9498
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-06 02:50
Severity ?
Summary
ManageEngine Applications Manager 12 and 13 before build 13200 allows deserialization of unsafe Java objects. The vulnerability can be exploited by a remote user without authentication and allows remote code execution, compromising the application as well as the operating system. Because Applications Manager's RMI registry runs with system administrator privileges, an attacker who exploits this vulnerability gains the highest privileges on the underlying operating system.
Impacted products
Vendor Product Version
ManageEngine Applications Manager Version: 12
Version: 13


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
          },
          {
            "name": "97394",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/97394/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Applications Manager",
          "vendor": "ManageEngine",
          "versions": [
            {
              "status": "affected",
              "version": "12"
            },
            {
              "status": "affected",
              "version": "13"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
        }
      ],
      "datePublic": "2017-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
        },
        {
          "name": "97394",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/97394/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-9498",
          "STATE": "PUBLIC",
          "TITLE": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Applications Manager",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "12",
                            "version_value": "12"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "13",
                            "version_value": "13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ManageEngine"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
            },
            {
              "name": "97394",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/97394/"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-9498",
    "datePublished": "2018-07-13T20:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-28341
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2025-02-10 20:56
Summary
Stored cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious JavaScript on the incorrect login details page.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:25.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://manageengine.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-28341",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T20:55:22.198177Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T20:56:00.879Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-13T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://manageengine.com"
        },
        {
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-28341",
    "datePublished": "2023-04-11T00:00:00.000Z",
    "dateReserved": "2023-03-14T00:00:00.000Z",
    "dateUpdated": "2025-02-10T20:56:00.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15533
Vulnerability from cvelistv5
Published
2020-10-01 18:44
Modified
2024-08-04 13:22
Severity ?
Summary
In Zoho ManageEngine Applications Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to an unauthenticated SQL injection attack.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:29.178Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-01T18:44:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-15533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com",
              "refsource": "MISC",
              "url": "https://www.manageengine.com"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14750",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-15533",
    "datePublished": "2020-10-01T18:44:11",
    "dateReserved": "2020-07-05T00:00:00",
    "dateUpdated": "2024-08-04T13:22:29.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19649
Vulnerability from cvelistv5
Published
2019-12-11 17:57
Modified
2024-08-05 02:25
Severity ?
Summary
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:11.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/eLeN3Re/CVE-2019-19649"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-19T21:25:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/eLeN3Re/CVE-2019-19649"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19649",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/release-notes.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
            },
            {
              "name": "https://gitlab.com/eLeN3Re/CVE-2019-19649",
              "refsource": "MISC",
              "url": "https://gitlab.com/eLeN3Re/CVE-2019-19649"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19649",
    "datePublished": "2019-12-11T17:57:41",
    "dateReserved": "2019-12-09T00:00:00",
    "dateUpdated": "2024-08-05T02:25:11.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-12996
Vulnerability from cvelistv5
Published
2018-06-29 12:00
Modified
2024-08-05 08:52
Severity ?
Summary
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:52:49.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20180720 [CVE-2018-12996] Zoho manageengine Applications Manager Reflected XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Jul/71"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/unh3x/just4cve/issues/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-038"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-12996.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027method\u0027 to GraphicalView.do."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20180720 [CVE-2018-12996] Zoho manageengine Applications Manager Reflected XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Jul/71"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/unh3x/just4cve/issues/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-038"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-12996.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12996",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027method\u0027 to GraphicalView.do."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180720 [CVE-2018-12996] Zoho manageengine Applications Manager Reflected XSS",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Jul/71"
            },
            {
              "name": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
            },
            {
              "name": "https://github.com/unh3x/just4cve/issues/7",
              "refsource": "MISC",
              "url": "https://github.com/unh3x/just4cve/issues/7"
            },
            {
              "name": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-038",
              "refsource": "MISC",
              "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-038"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-12996.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-12996.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12996",
    "datePublished": "2018-06-29T12:00:00",
    "dateReserved": "2018-06-29T00:00:00",
    "dateUpdated": "2024-08-05T08:52:49.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-31813
Vulnerability from cvelistv5
Published
2021-07-01 11:58
Modified
2024-08-03 23:10
Severity ?
Summary
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:10:30.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://raxis.com/blog/cve-2021-31813"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T18:19:52",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://raxis.com/blog/cve-2021-31813"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31813",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html"
            },
            {
              "name": "https://raxis.com/blog/cve-2021-31813",
              "refsource": "MISC",
              "url": "https://raxis.com/blog/cve-2021-31813"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31813",
    "datePublished": "2021-07-01T11:58:51",
    "dateReserved": "2021-04-26T00:00:00",
    "dateUpdated": "2024-08-03T23:10:30.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15521
Vulnerability from cvelistv5
Published
2020-09-25 06:05
Modified
2024-08-04 13:15
Severity ?
Summary
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:15:20.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14730"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) ."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-25T06:05:44",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14730"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-15521",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) ."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com",
              "refsource": "MISC",
              "url": "https://www.manageengine.com"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14730",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14730"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-15521",
    "datePublished": "2020-09-25T06:05:44",
    "dateReserved": "2020-07-03T00:00:00",
    "dateUpdated": "2024-08-04T13:15:20.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-29442
Vulnerability from cvelistv5
Published
2023-04-26 00:00
Modified
2025-02-03 17:38
Summary
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:46.270Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-29442",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-03T17:38:57.196637Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-03T17:38:59.843Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-26T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-29442",
    "datePublished": "2023-04-26T00:00:00.000Z",
    "dateReserved": "2023-04-06T00:00:00.000Z",
    "dateUpdated": "2025-02-03T17:38:59.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9491
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-06 02:50
Severity ?
Summary
ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system.
Impacted products
Vendor Product Version
ManageEngine Applications Manager Version: 12
Version: 13


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
          },
          {
            "name": "97394",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/97394/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9491.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Applications Manager",
          "vendor": "ManageEngine",
          "versions": [
            {
              "status": "affected",
              "version": "12"
            },
            {
              "status": "affected",
              "version": "13"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
        }
      ],
      "datePublic": "2017-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
        },
        {
          "name": "97394",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/97394/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9491.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity ",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-9491",
          "STATE": "PUBLIC",
          "TITLE": "ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity "
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Applications Manager",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "12",
                            "version_value": "12"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "13",
                            "version_value": "13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ManageEngine"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
            },
            {
              "name": "97394",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/97394/"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9491.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9491.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-9491",
    "datePublished": "2018-07-13T20:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-11808
Vulnerability from cvelistv5
Published
2018-06-06 03:00
Modified
2024-08-05 08:17
Severity ?
Summary
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:17:09.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kactrosN/publicdisclosures"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html"
          },
          {
            "name": "104467",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104467"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is \"NT AUTHORITY / SYSTEM\") by sending a specially crafted request to the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kactrosN/publicdisclosures"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html"
        },
        {
          "name": "104467",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104467"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-11808",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is \"NT AUTHORITY / SYSTEM\") by sending a specially crafted request to the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html"
            },
            {
              "name": "https://github.com/kactrosN/publicdisclosures",
              "refsource": "MISC",
              "url": "https://github.com/kactrosN/publicdisclosures"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html"
            },
            {
              "name": "104467",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104467"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-11808",
    "datePublished": "2018-06-06T03:00:00",
    "dateReserved": "2018-06-05T00:00:00",
    "dateUpdated": "2024-08-05T08:17:09.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15105
Vulnerability from cvelistv5
Published
2019-08-16 02:44
Modified
2024-08-05 00:34
Severity ?
Summary
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:53.240Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/47228"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-APM-v14-Privilege-Escalation-Remote-Command-Execution.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15105.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the \"Execute Program Action(s)\" feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-23T21:10:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/47228"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-APM-v14-Privilege-Escalation-Remote-Command-Execution.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15105.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15105",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the \"Execute Program Action(s)\" feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.exploit-db.com/exploits/47228",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/47228"
            },
            {
              "name": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-APM-v14-Privilege-Escalation-Remote-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-APM-v14-Privilege-Escalation-Remote-Command-Execution.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15105.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15105.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15105",
    "datePublished": "2019-08-16T02:44:35",
    "dateReserved": "2019-08-15T00:00:00",
    "dateUpdated": "2024-08-05T00:34:53.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9489
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-06 02:50
Severity ?
Summary
In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another user, e.g. change another user's password.
Impacted products
Vendor Product Version
ManageEngine Applications Manager Version: 12
Version: 13


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9489.html"
          },
          {
            "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
          },
          {
            "name": "97394",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/97394/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Applications Manager",
          "vendor": "ManageEngine",
          "versions": [
            {
              "status": "affected",
              "version": "12"
            },
            {
              "status": "affected",
              "version": "13"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
        }
      ],
      "datePublic": "2017-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like \"ADMIN\". A user is also able to change properties of another user, e.g. change another user\u0027s password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9489.html"
        },
        {
          "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
        },
        {
          "name": "97394",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/97394/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-9489",
          "STATE": "PUBLIC",
          "TITLE": "ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Applications Manager",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "12",
                            "version_value": "12"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "13",
                            "version_value": "13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ManageEngine"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like \"ADMIN\". A user is also able to change properties of another user, e.g. change another user\u0027s password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9489.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9489.html"
            },
            {
              "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
            },
            {
              "name": "97394",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/97394/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-9489",
    "datePublished": "2018-07-13T20:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11469
Vulnerability from cvelistv5
Published
2019-04-23 03:12
Modified
2024-08-04 22:55
Severity ?
Summary
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.862Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46740",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46740/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46740"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-Auth-Bypass-Remote-Command-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the \"Execute Program Action(s)\" feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T17:11:47",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "46740",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46740/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/46740"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-Auth-Bypass-Remote-Command-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11469",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the \"Execute Program Action(s)\" feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46740",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46740/"
            },
            {
              "name": "https://www.exploit-db.com/exploits/46740",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/46740"
            },
            {
              "name": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-Auth-Bypass-Remote-Command-Execution.html",
              "refsource": "MISC",
              "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-Auth-Bypass-Remote-Command-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11469",
    "datePublished": "2019-04-23T03:12:55",
    "dateReserved": "2019-04-22T00:00:00",
    "dateUpdated": "2024-08-04T22:55:40.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16542
Vulnerability from cvelistv5
Published
2017-11-05 17:00
Modified
2024-08-05 20:27
Severity ?
Summary
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:03.445Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43129",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43129/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16542.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "43129",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43129/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16542.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43129",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43129/"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16542.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16542.html"
            },
            {
              "name": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html",
              "refsource": "MISC",
              "url": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16542",
    "datePublished": "2017-11-05T17:00:00",
    "dateReserved": "2017-11-05T00:00:00",
    "dateUpdated": "2024-08-05T20:27:03.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-24743
Vulnerability from cvelistv5
Published
2021-11-03 16:07
Modified
2024-08-04 15:19
Severity ?
Summary
An issue was found in /showReports.do in Zoho ManageEngine Applications Manager up to 14550 that allows attackers to gain escalated privileges via the resourceid parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:19:09.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-03T16:07:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-24743",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14550",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-24743",
    "datePublished": "2021-11-03T16:07:41",
    "dateReserved": "2020-08-28T00:00:00",
    "dateUpdated": "2024-08-04T15:19:09.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-11739
Vulnerability from cvelistv5
Published
2019-05-23 15:27
Modified
2024-08-05 18:19
Severity ?
Summary
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:19:38.704Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://manageengine.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://application.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
          },
          {
            "name": "108469",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108469"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a \"Utility Widget\" with a \"Custom HTML or Text\" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a \"Utility Widget\" that contains malicious JavaScript code, aka XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-27T11:06:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://manageengine.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://application.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
        },
        {
          "name": "108469",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108469"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-11739",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a \"Utility Widget\" with a \"Custom HTML or Text\" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a \"Utility Widget\" that contains malicious JavaScript code, aka XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://manageengine.com",
              "refsource": "MISC",
              "url": "http://manageengine.com"
            },
            {
              "name": "http://application.com",
              "refsource": "MISC",
              "url": "http://application.com"
            },
            {
              "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
            },
            {
              "name": "108469",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108469"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-11739",
    "datePublished": "2019-05-23T15:27:26",
    "dateReserved": "2017-07-29T00:00:00",
    "dateUpdated": "2024-08-05T18:19:38.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16849
Vulnerability from cvelistv5
Published
2017-11-16 17:00
Modified
2024-08-05 20:35
Severity ?
Summary
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16849.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16849.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16849",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html",
              "refsource": "MISC",
              "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16849.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16849.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16849",
    "datePublished": "2017-11-16T17:00:00",
    "dateReserved": "2017-11-16T00:00:00",
    "dateUpdated": "2024-08-05T20:35:21.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-11740
Vulnerability from cvelistv5
Published
2019-05-23 15:21
Modified
2024-08-05 18:19
Severity ?
Summary
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:19:39.233Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://manageengine.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://application.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-23T15:21:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://manageengine.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://application.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-11740",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://manageengine.com",
              "refsource": "MISC",
              "url": "http://manageengine.com"
            },
            {
              "name": "http://application.com",
              "refsource": "MISC",
              "url": "http://application.com"
            },
            {
              "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-11740",
    "datePublished": "2019-05-23T15:21:10",
    "dateReserved": "2017-07-29T00:00:00",
    "dateUpdated": "2024-08-05T18:19:39.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-11557
Vulnerability from cvelistv5
Published
2019-05-23 17:17
Modified
2024-08-05 18:12
Severity ?
Summary
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:12:40.332Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://manageengine.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://applications.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18738"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company\u0027s network environment via a userconfiguration.do?method=editUser request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-23T17:17:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://manageengine.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://applications.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18738"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-11557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company\u0027s network environment via a userconfiguration.do?method=editUser request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://manageengine.com",
              "refsource": "MISC",
              "url": "http://manageengine.com"
            },
            {
              "name": "https://www.manageengine.com/",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/"
            },
            {
              "name": "http://applications.com",
              "refsource": "MISC",
              "url": "http://applications.com"
            },
            {
              "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18738",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18738"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-11557",
    "datePublished": "2019-05-23T17:17:42",
    "dateReserved": "2017-07-22T00:00:00",
    "dateUpdated": "2024-08-05T18:12:40.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-11738
Vulnerability from cvelistv5
Published
2019-05-23 15:29
Modified
2024-08-05 18:19
Severity ?
Summary
In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:19:38.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://manageengine.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://application.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
          },
          {
            "name": "108470",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108470"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the \u0027haid\u0027 parameter of the \u0027/auditLogAction.do\u0027 module is vulnerable to a Time-based Blind SQL Injection attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-27T16:10:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://manageengine.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://application.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
        },
        {
          "name": "108470",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108470"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-11738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the \u0027haid\u0027 parameter of the \u0027/auditLogAction.do\u0027 module is vulnerable to a Time-based Blind SQL Injection attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://manageengine.com",
              "refsource": "MISC",
              "url": "http://manageengine.com"
            },
            {
              "name": "http://application.com",
              "refsource": "MISC",
              "url": "http://application.com"
            },
            {
              "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734"
            },
            {
              "name": "108470",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108470"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-11738",
    "datePublished": "2019-05-23T15:29:28",
    "dateReserved": "2017-07-29T00:00:00",
    "dateUpdated": "2024-08-05T18:19:38.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10816
Vulnerability from cvelistv5
Published
2020-10-08 16:50
Modified
2024-08-04 11:14
Severity ?
Summary
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:14:15.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/au/products/applications_manager/security-updates/security-updates-cve-2020-10816.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/eLeN3Re/CVE-2020-10816"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-08-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-08T16:50:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/au/products/applications_manager/security-updates/security-updates-cve-2020-10816.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/eLeN3Re/CVE-2020-10816"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10816",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/au/products/applications_manager/security-updates/security-updates-cve-2020-10816.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/au/products/applications_manager/security-updates/security-updates-cve-2020-10816.html"
            },
            {
              "name": "https://gitlab.com/eLeN3Re/CVE-2020-10816",
              "refsource": "MISC",
              "url": "https://gitlab.com/eLeN3Re/CVE-2020-10816"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10816",
    "datePublished": "2020-10-08T16:50:02",
    "dateReserved": "2020-03-22T00:00:00",
    "dateUpdated": "2024-08-04T11:14:15.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-27733
Vulnerability from cvelistv5
Published
2021-01-19 15:53
Modified
2024-08-04 16:18
Severity ?
Summary
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:18:45.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14880"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-27733.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-22T03:32:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14880"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-27733.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-27733",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14880",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14880"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-27733.html",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-27733.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-27733",
    "datePublished": "2021-01-19T15:53:26",
    "dateReserved": "2020-10-26T00:00:00",
    "dateUpdated": "2024-08-04T16:18:45.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-15169
Vulnerability from cvelistv5
Published
2018-08-08 00:00
Modified
2024-08-05 09:46
Severity ?
Summary
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:46:25.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/x-f1v3/ForCve/issues/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-28T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/x-f1v3/ForCve/issues/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-15169",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html"
            },
            {
              "name": "https://github.com/x-f1v3/ForCve/issues/3",
              "refsource": "MISC",
              "url": "https://github.com/x-f1v3/ForCve/issues/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-15169",
    "datePublished": "2018-08-08T00:00:00",
    "dateReserved": "2018-08-07T00:00:00",
    "dateUpdated": "2024-08-05T09:46:25.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16846
Vulnerability from cvelistv5
Published
2017-11-16 17:00
Modified
2024-08-05 20:35
Severity ?
Summary
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16846",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html"
            },
            {
              "name": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html",
              "refsource": "MISC",
              "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16846",
    "datePublished": "2017-11-16T17:00:00",
    "dateReserved": "2017-11-16T00:00:00",
    "dateUpdated": "2024-08-05T20:35:21.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16543
Vulnerability from cvelistv5
Published
2017-11-05 17:00
Modified
2024-08-05 20:27
Severity ?
Summary
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:04.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43129",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43129/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "43129",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43129/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16543",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43129",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43129/"
            },
            {
              "name": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html",
              "refsource": "MISC",
              "url": "http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16543",
    "datePublished": "2017-11-05T17:00:00",
    "dateReserved": "2017-11-05T00:00:00",
    "dateUpdated": "2024-08-05T20:27:04.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-5678
Vulnerability from cvelistv5
Published
2024-08-01 06:54
Modified
2024-08-02 15:40
Summary
Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5678",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T15:24:20.985989Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:40:34.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Applications Manager",
          "vendor": "ManageEngine",
          "versions": [
            {
              "lessThan": "170900",
              "status": "affected",
              "version": "0",
              "versionType": "170900"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Zohocorp ManageEngine Applications Manager versions\u0026nbsp;170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature."
            }
          ],
          "value": "Zohocorp ManageEngine Applications Manager versions\u00a0170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-01T06:54:25.601Z",
        "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "shortName": "ManageEngine"
      },
      "references": [
        {
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-5678.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SQL Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
    "assignerShortName": "ManageEngine",
    "cveId": "CVE-2024-5678",
    "datePublished": "2024-08-01T06:54:25.601Z",
    "dateReserved": "2024-06-06T11:29:14.674Z",
    "dateUpdated": "2024-08-02T15:40:34.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19799
Vulnerability from cvelistv5
Published
2020-03-13 16:18
Modified
2024-08-05 02:25
Severity ?
Summary
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/eLeN3Re/cve-2019-19799"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19799.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-19T17:52:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/eLeN3Re/cve-2019-19799"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19799.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19799",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/eLeN3Re/cve-2019-19799",
              "refsource": "MISC",
              "url": "https://gitlab.com/eLeN3Re/cve-2019-19799"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19799.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19799.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19799",
    "datePublished": "2020-03-13T16:18:12",
    "dateReserved": "2019-12-15T00:00:00",
    "dateUpdated": "2024-08-05T02:25:12.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11448
Vulnerability from cvelistv5
Published
2019-04-22 04:01
Modified
2024-08-04 22:55
Severity ?
Summary
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:39.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46725",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46725/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46725"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T17:05:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "46725",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46725/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/46725"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46725",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46725/"
            },
            {
              "name": "https://www.exploit-db.com/exploits/46725",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/46725"
            },
            {
              "name": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11448",
    "datePublished": "2019-04-22T04:01:40",
    "dateReserved": "2019-04-21T00:00:00",
    "dateUpdated": "2024-08-04T22:55:39.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16851
Vulnerability from cvelistv5
Published
2017-11-16 17:00
Modified
2024-08-05 20:35
Severity ?
Summary
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16851.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16851.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16851",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16851.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16851.html"
            },
            {
              "name": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html",
              "refsource": "MISC",
              "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16851",
    "datePublished": "2017-11-16T17:00:00",
    "dateReserved": "2017-11-16T00:00:00",
    "dateUpdated": "2024-08-05T20:35:21.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16850
Vulnerability from cvelistv5
Published
2017-11-16 17:00
Modified
2024-08-05 20:35
Severity ?
Summary
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16850.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-28T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16850.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16850",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16850.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16850.html"
            },
            {
              "name": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html",
              "refsource": "MISC",
              "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16850",
    "datePublished": "2017-11-16T17:00:00",
    "dateReserved": "2017-11-16T00:00:00",
    "dateUpdated": "2024-08-05T20:35:21.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-16267
Vulnerability from cvelistv5
Published
2020-10-06 19:02
Modified
2024-08-04 13:37
Severity ?
Summary
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:37:54.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-16267.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-06T19:02:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-16267.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-16267",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com",
              "refsource": "MISC",
              "url": "https://www.manageengine.com"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14750",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-16267.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-16267.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-16267",
    "datePublished": "2020-10-06T19:02:42",
    "dateReserved": "2020-08-03T00:00:00",
    "dateUpdated": "2024-08-04T13:37:54.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-15168
Vulnerability from cvelistv5
Published
2018-08-08 00:00
Modified
2024-08-05 09:46
Severity ?
Summary
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:46:25.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/x-f1v3/ForCve/issues/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-28T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/x-f1v3/ForCve/issues/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-15168",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html"
            },
            {
              "name": "https://github.com/x-f1v3/ForCve/issues/2",
              "refsource": "MISC",
              "url": "https://github.com/x-f1v3/ForCve/issues/2"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-15168",
    "datePublished": "2018-08-08T00:00:00",
    "dateReserved": "2018-08-07T00:00:00",
    "dateUpdated": "2024-08-05T09:46:25.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35765
Vulnerability from cvelistv5
Published
2021-02-05 08:55
Modified
2024-08-04 17:09
Severity ?
Summary
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2021-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2021-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#v15000"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-09T19:32:36",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2021-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/research/tra-2021-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#v15000"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35765",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com",
              "refsource": "MISC",
              "url": "https://www.manageengine.com"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2021-02",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2021-02"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2021-02",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/research/tra-2021-02"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#v15000",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#v15000"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35765",
    "datePublished": "2021-02-05T08:55:35",
    "dateReserved": "2020-12-28T00:00:00",
    "dateUpdated": "2024-08-04T17:09:15.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15927
Vulnerability from cvelistv5
Published
2020-10-06 18:56
Modified
2024-08-04 13:30
Severity ?
Summary
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:30:22.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-06T18:56:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-15927",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com",
              "refsource": "MISC",
              "url": "https://www.manageengine.com"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14750",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-15927",
    "datePublished": "2020-10-06T18:56:15",
    "dateReserved": "2020-07-24T00:00:00",
    "dateUpdated": "2024-08-04T13:30:22.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16364
Vulnerability from cvelistv5
Published
2018-09-26 21:00
Modified
2024-08-05 10:24
Severity ?
Summary
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:24:31.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.jamesotten.com/post/applications-manager-rce/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-26T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.jamesotten.com/post/applications-manager-rce/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16364",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.jamesotten.com/post/applications-manager-rce/",
              "refsource": "MISC",
              "url": "https://blog.jamesotten.com/post/applications-manager-rce/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16364",
    "datePublished": "2018-09-26T21:00:00",
    "dateReserved": "2018-09-02T00:00:00",
    "dateUpdated": "2024-08-05T10:24:31.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16848
Vulnerability from cvelistv5
Published
2017-11-16 17:00
Modified
2024-08-05 20:35
Severity ?
Summary
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-16T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16848",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html",
              "refsource": "MISC",
              "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16848",
    "datePublished": "2017-11-16T17:00:00",
    "dateReserved": "2017-11-16T00:00:00",
    "dateUpdated": "2024-08-05T20:35:21.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7890
Vulnerability from cvelistv5
Published
2018-03-08 22:00
Modified
2024-08-05 06:37
Severity ?
Summary
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/"
          },
          {
            "name": "44274",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44274/"
          },
          {
            "name": "103358",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103358"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/9684"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/"
        },
        {
          "name": "44274",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44274/"
        },
        {
          "name": "103358",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103358"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/pull/9684"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7890",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/",
              "refsource": "MISC",
              "url": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/"
            },
            {
              "name": "44274",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44274/"
            },
            {
              "name": "103358",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103358"
            },
            {
              "name": "https://github.com/rapid7/metasploit-framework/pull/9684",
              "refsource": "MISC",
              "url": "https://github.com/rapid7/metasploit-framework/pull/9684"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html"
            },
            {
              "name": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager",
              "refsource": "CONFIRM",
              "url": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7890",
    "datePublished": "2018-03-08T22:00:00",
    "dateReserved": "2018-03-08T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15104
Vulnerability from cvelistv5
Published
2019-08-16 02:44
Modified
2024-08-05 00:34
Severity ?
Summary
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:53.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/47227"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Privilege-Escalation-Remote-Command-Execution.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15104.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the \"Execute Program Action(s)\" feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-23T21:12:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/47227"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Privilege-Escalation-Remote-Command-Execution.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15104.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15104",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the \"Execute Program Action(s)\" feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.exploit-db.com/exploits/47227",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/47227"
            },
            {
              "name": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Privilege-Escalation-Remote-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Privilege-Escalation-Remote-Command-Execution.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15104.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15104.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15104",
    "datePublished": "2019-08-16T02:44:45",
    "dateReserved": "2019-08-15T00:00:00",
    "dateUpdated": "2024-08-05T00:34:53.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-23050
Vulnerability from cvelistv5
Published
2022-05-24 18:02
Modified
2024-08-03 03:28
Severity ?
Summary
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
Impacted products
Vendor Product Version
n/a ManageEngine AppManager15 Version: Build No:15510


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:43.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://fluidattacks.com/advisories/cerati/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ManageEngine AppManager15",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Build No:15510"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the \u0027working\u0027 folder through the \u0027Upload Files / Binaries\u0027 functionality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DLL Hijacking",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-24T18:02:05",
        "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
        "shortName": "Fluid Attacks"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://fluidattacks.com/advisories/cerati/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "help@fluidattacks.com",
          "ID": "CVE-2022-23050",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ManageEngine AppManager15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Build No:15510"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the \u0027working\u0027 folder through the \u0027Upload Files / Binaries\u0027 functionality."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DLL Hijacking"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fluidattacks.com/advisories/cerati/",
              "refsource": "MISC",
              "url": "https://fluidattacks.com/advisories/cerati/"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
    "assignerShortName": "Fluid Attacks",
    "cveId": "CVE-2022-23050",
    "datePublished": "2022-05-24T18:02:05",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:43.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19800
Vulnerability from cvelistv5
Published
2020-02-06 16:06
Modified
2024-08-05 02:25
Severity ?
Summary
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.715Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/eLeN3Re/CVE-2019-19800/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-06T16:06:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/eLeN3Re/CVE-2019-19800/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com",
              "refsource": "MISC",
              "url": "https://www.manageengine.com"
            },
            {
              "name": "https://gitlab.com/eLeN3Re/CVE-2019-19800/",
              "refsource": "MISC",
              "url": "https://gitlab.com/eLeN3Re/CVE-2019-19800/"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/release-notes.html",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19800",
    "datePublished": "2020-02-06T16:06:41",
    "dateReserved": "2019-12-15T00:00:00",
    "dateUpdated": "2024-08-05T02:25:12.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16847
Vulnerability from cvelistv5
Published
2017-11-16 17:00
Modified
2024-08-05 20:35
Severity ?
Summary
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16847.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16847.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16847",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html",
              "refsource": "MISC",
              "url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16847.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16847.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16847",
    "datePublished": "2017-11-16T17:00:00",
    "dateReserved": "2017-11-16T00:00:00",
    "dateUpdated": "2024-08-05T20:35:21.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19475
Vulnerability from cvelistv5
Published
2020-01-10 21:18
Modified
2024-08-05 02:16
Severity ?
Summary
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. The integrated PostgreSQL that is built into Applications Manager is prone to attack due to a lack of file permission security. Malicious users who are in the “Authenticated Users” group can exploit this for privilege escalation, modifying the PostgreSQL configuration to execute arbitrary commands and gain full system-privilege access and rights over the system.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:47.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in \u201cAuthenticated Users\u201d group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-10T21:18:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19475",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in \u201cAuthenticated Users\u201d group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19475",
    "datePublished": "2020-01-10T21:18:00",
    "dateReserved": "2019-12-01T00:00:00",
    "dateUpdated": "2024-08-05T02:16:47.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-38333
Vulnerability from cvelistv5
Published
2023-08-10 00:00
Modified
2024-08-02 17:39
Severity ?
Summary
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:39:12.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-10T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-38333",
    "datePublished": "2023-08-10T00:00:00",
    "dateReserved": "2023-07-14T00:00:00",
    "dateUpdated": "2024-08-02T17:39:12.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15394
Vulnerability from cvelistv5
Published
2020-09-25 06:11
Modified
2024-08-04 13:15
Severity ?
Summary
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:15:20.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15394.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14740"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-25T06:11:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15394.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14740"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-15394",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com",
              "refsource": "MISC",
              "url": "https://www.manageengine.com"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15394.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15394.html"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14740",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14740"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-15394",
    "datePublished": "2020-09-25T06:11:41",
    "dateReserved": "2020-06-30T00:00:00",
    "dateUpdated": "2024-08-04T13:15:20.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-27995
Vulnerability from cvelistv5
Published
2020-10-29 16:31
Modified
2024-08-04 16:25
Severity: not stated (the CVE record below carries no CVSS metrics)
Summary
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.
Impacted products
Vendor Product Version
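n/a n/a Version: n/a
Note: the record's structured vendor, product and version fields are all "n/a", so matching on those fields alone will not associate this CVE with an installed product; the affected product and fixed build (Applications Manager 14 before 14560) appear only in the summary text.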


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:44.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14560"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-29T16:31:52",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14560"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-27995",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14560",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14560"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-27995",
    "datePublished": "2020-10-29T16:31:52",
    "dateReserved": "2020-10-29T00:00:00",
    "dateUpdated": "2024-08-04T16:25:44.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}