Lucene search

[email protected]NVD:CVE-2020-15927

HistoryOct 06, 2020 - 7:15 p.m.

CVE-2020-15927

2020-10-0619:15:13

CWE-89

[email protected]

web.nvd.nist.gov

cve-2020-15927

sql injection

zoho manageengine

applications manager

sap module

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.3%

JSON

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.

Affected configurations

Nvd

Node

zohocorpmanageengine_applications_managerMatch14.7

zohocorpmanageengine_applications_managerMatch14.7-

zohocorpmanageengine_applications_managerMatch14.7build14700

zohocorpmanageengine_applications_managerMatch14.7build14710

zohocorpmanageengine_applications_managerMatch14.7build14720

zohocorpmanageengine_applications_managerMatch14.7build14730

zohocorpmanageengine_applications_managerMatch14.7build14740

VendorProductVersionCPE
zohocorpmanageengine_applications_manager14.7cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:*:*:*:*:*:*:*
zohocorpmanageengine_applications_manager14.7cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:*
zohocorpmanageengine_applications_manager14.7cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700:*:*:*:*:*:*
zohocorpmanageengine_applications_manager14.7cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710:*:*:*:*:*:*
zohocorpmanageengine_applications_manager14.7cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720:*:*:*:*:*:*
zohocorpmanageengine_applications_manager14.7cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730:*:*:*:*:*:*
zohocorpmanageengine_applications_manager14.7cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_applications_manager	14.7	cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:::::::*
zohocorp	manageengine_applications_manager	14.7	cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-::::::
zohocorp	manageengine_applications_manager	14.7	cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700::::::
zohocorp	manageengine_applications_manager	14.7	cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710::::::
zohocorp	manageengine_applications_manager	14.7	cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720::::::
zohocorp	manageengine_applications_manager	14.7	cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730::::::
zohocorp	manageengine_applications_manager	14.7	cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740::::::

References

www.manageengine.com

www.manageengine.com/products/applications_manager/issues.html#v14750

www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.3%

JSON

Related for NVD:CVE-2020-15927

cvelist1 prion1 cve1