CVE-2018-15168

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Applications Manager version 13 before build 13820

Description A SQL Injection issue exists via the resids parameter in a "/editDisplaynames.do?method=editDisplaynames" GET request.

Recommendations For Zoho ManageEngine Applications Manager version 13 before build 13820, update to build 13820 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/editDisplaynames.do?method=editDisplaynames" API endpoint to minimize the risk of exploitation. Avoid using the resids parameter in the affected API endpoint until the issue is resolved.