CVE-2020-35765

2021-02-0508:55:35

mitre

www.cve.org

cve-2020-35765

sql injection

zoho manageengine applications manager

AI Score

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.

References

www.manageengine.com

www.manageengine.com/products/applications_manager/issues.html#v15000

www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html

www.tenable.com/security/research/tra-2021-02