fkie_cve-2020-27995
Vulnerability from fkie_nvd
Published
2020-10-29 17:15
Modified
2024-11-21 05:22
Severity ?
Summary
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "59E9390D-5DEB-4D0B-B304-84023A1AE9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*",
"matchCriteriaId": "03FAC408-84B1-4B51-A6D9-C1DF77FBAA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*",
"matchCriteriaId": "E00321E8-A1DF-49BF-A4E4-237527E7C75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*",
"matchCriteriaId": "58DA013E-26A7-4968-B89B-4B694D683E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*",
"matchCriteriaId": "8552CA6A-B6B5-42D2-97D0-CA9FA5B9DE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*",
"matchCriteriaId": "87DEE454-FE44-4312-B9FC-53D671ACA37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*",
"matchCriteriaId": "1715F2C6-AC0F-4F46-A6C4-3531242274ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*",
"matchCriteriaId": "583248EC-C732-4902-B14C-5031888BD17E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*",
"matchCriteriaId": "355366B0-4D45-4920-A897-A9A4451C072D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*",
"matchCriteriaId": "EDB9AADD-A93D-46CC-B5E9-BB841FFC2A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*",
"matchCriteriaId": "CDC226FE-DBBA-4FB2-A703-82EE12092FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*",
"matchCriteriaId": "0FC560BE-C297-4348-8739-D014CDEF60CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*",
"matchCriteriaId": "2B385291-37F7-4B1E-98B9-06E42B07ACA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*",
"matchCriteriaId": "8D647A88-0F0A-4971-9AD1-494AB6D1DFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14100:*:*:*:*:*:*",
"matchCriteriaId": "7D25C680-75B3-4285-9DE1-61755DC6CA2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14110:*:*:*:*:*:*",
"matchCriteriaId": "50453E27-2E38-4101-9CF4-48DB99C69842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14120:*:*:*:*:*:*",
"matchCriteriaId": "9D369493-65F3-4655-8049-0CFCEDADE050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14130:*:*:*:*:*:*",
"matchCriteriaId": "F1F20F68-25EA-46A2-9B5E-6422A6CBF921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14140:*:*:*:*:*:*",
"matchCriteriaId": "41A93890-6484-48A0-863F-EDDAE3E73940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14150:*:*:*:*:*:*",
"matchCriteriaId": "905119AD-C900-4A95-827B-C9BD2A3A38F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14160:*:*:*:*:*:*",
"matchCriteriaId": "EA55C91C-74B2-4A92-99C3-C30EC29B9CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14170:*:*:*:*:*:*",
"matchCriteriaId": "B1FE4E15-0A4C-4E5A-BE7D-ECB83965164E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14180:*:*:*:*:*:*",
"matchCriteriaId": "E1322B34-8A8B-4796-8574-8A09AF93889F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14190:*:*:*:*:*:*",
"matchCriteriaId": "3C8724F9-C33B-4BD7-8BED-919D211BF35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14200:*:*:*:*:*:*",
"matchCriteriaId": "EA9199F6-6649-44D4-9A26-C9020A85963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14210:*:*:*:*:*:*",
"matchCriteriaId": "92E0BD76-9B86-4268-BC23-65B826AD489A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14220:*:*:*:*:*:*",
"matchCriteriaId": "67C94A6A-8D0E-4EFB-93B5-5DC2A28B25DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14230:*:*:*:*:*:*",
"matchCriteriaId": "C6A3DCE6-328B-453C-97B2-8FA70F113CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14240:*:*:*:*:*:*",
"matchCriteriaId": "29B3D159-1C80-43E6-B630-F373C8F41A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14250:*:*:*:*:*:*",
"matchCriteriaId": "D8EDAA3F-EE45-4888-BA4A-E36F8FD879BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14260:*:*:*:*:*:*",
"matchCriteriaId": "D603BCB2-7A39-4CD3-AE1E-9244DD9D5A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14261:*:*:*:*:*:*",
"matchCriteriaId": "EC3AD941-D31B-4760-B9D2-7930E121D2AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14262:*:*:*:*:*:*",
"matchCriteriaId": "A70646ED-342F-47BD-85D7-D43B79BD50EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14270:*:*:*:*:*:*",
"matchCriteriaId": "423396CC-1B12-4449-B000-C3C554E9800D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14280:*:*:*:*:*:*",
"matchCriteriaId": "5909613D-013F-4C3B-8204-6BB7A9968A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14290:*:*:*:*:*:*",
"matchCriteriaId": "3423D181-FCA3-4818-8459-4073E73FDEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14300:*:*:*:*:*:*",
"matchCriteriaId": "4FBED0C7-7B28-4AE7-B4B0-EB71F2CB860F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14310:*:*:*:*:*:*",
"matchCriteriaId": "195ABF09-6D57-4DCF-B8A6-72AC24A8B29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14330:*:*:*:*:*:*",
"matchCriteriaId": "AC95E820-FBF3-4CB9-A54C-24198D21197E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14331:*:*:*:*:*:*",
"matchCriteriaId": "F182989C-7BF6-4DAD-8011-813FDF182251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14332:*:*:*:*:*:*",
"matchCriteriaId": "66CD9609-884A-4B9D-A6D2-D23132FE8CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14340:*:*:*:*:*:*",
"matchCriteriaId": "CD7CD16C-B70A-47E1-8DF7-FCCE1316644F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14350:*:*:*:*:*:*",
"matchCriteriaId": "A7581669-97A3-4611-9779-58EF74B50A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14360:*:*:*:*:*:*",
"matchCriteriaId": "849D811F-9DB7-4E23-8539-0F1CB0981918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14361:*:*:*:*:*:*",
"matchCriteriaId": "2C439233-2403-40A7-9D87-63C8FD2AE60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14370:*:*:*:*:*:*",
"matchCriteriaId": "9853B707-4B58-4787-9779-76523365C774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14380:*:*:*:*:*:*",
"matchCriteriaId": "516685FD-8707-4588-9C1C-CD5EF65B0F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14390:*:*:*:*:*:*",
"matchCriteriaId": "AC9198C7-A062-4F33-8B17-2521193FEBCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14400:*:*:*:*:*:*",
"matchCriteriaId": "728DDA8D-A0E2-4086-B4B9-E5BD698D1BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14401:*:*:*:*:*:*",
"matchCriteriaId": "91DA2DFA-1739-4DA7-8814-A99BA30497A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14410:*:*:*:*:*:*",
"matchCriteriaId": "0EA1F760-7F12-40CE-A0C9-AE03B2D17949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14420:*:*:*:*:*:*",
"matchCriteriaId": "CCDCB80D-385C-4CFD-B833-96C525BEF2A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14430:*:*:*:*:*:*",
"matchCriteriaId": "B7CD6E6C-1C54-4807-9646-376D53D0FE1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14440:*:*:*:*:*:*",
"matchCriteriaId": "A9B45558-77F8-41A8-84EA-B9D902A044DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14450:*:*:*:*:*:*",
"matchCriteriaId": "AC2A1D9B-C55A-401F-B6F4-AEFB36D7732E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14460:*:*:*:*:*:*",
"matchCriteriaId": "BAAA8B67-C6BF-4517-8867-A4FF16C9F223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14470:*:*:*:*:*:*",
"matchCriteriaId": "D3A28637-0557-4720-A71B-371AA9CEE002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14480:*:*:*:*:*:*",
"matchCriteriaId": "5AEA57E7-7CD2-4A1E-9CFD-B89FACFFED78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14490:*:*:*:*:*:*",
"matchCriteriaId": "A53FF500-6C40-41F5-8B95-43F71D74DF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14500:*:*:*:*:*:*",
"matchCriteriaId": "9B7C7BED-ACF8-4001-93F8-4DCFB452370E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14510:*:*:*:*:*:*",
"matchCriteriaId": "DB52F791-A91E-41C6-811E-E74A19887491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14520:*:*:*:*:*:*",
"matchCriteriaId": "82944FCA-6C44-4253-B9C1-47E5C77A8553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14530:*:*:*:*:*:*",
"matchCriteriaId": "811B9D86-B63C-43A0-A671-A1F22BFFFA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14531:*:*:*:*:*:*",
"matchCriteriaId": "538B5DDE-5088-492C-B8F6-3AA5901694EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14532:*:*:*:*:*:*",
"matchCriteriaId": "9D2A4D1F-F59B-4A52-87D6-5EE3B40FB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14533:*:*:*:*:*:*",
"matchCriteriaId": "5F61A9B5-58A1-43F5-BB35-66A6F92DC423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14540:*:*:*:*:*:*",
"matchCriteriaId": "CCAAA0B3-7A12-410A-8B9D-69840E8165D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14550:*:*:*:*:*:*",
"matchCriteriaId": "1FCDD28C-6C07-4EA5-82EB-B0B34950E9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter."
},
{
"lang": "es",
"value": "Una inyecci\u00f3n SQL en Zoho ManageEngine Applications Manager 14 versiones anteriores a 14560, permite a un atacante ejecutar comandos en el servidor por medio del par\u00e1metro template_resid del archivo MyPage.do"
}
],
"id": "CVE-2020-27995",
"lastModified": "2024-11-21T05:22:10.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-29T17:15:12.963",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14560"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.