Zoho · Zoho ManageEngine Applications Manager · CVE-2017-11738
**Name of the Vulnerable Software and Affected Versions**
Zoho ManageEngine Applications Manager versions prior to 14.6 Build 14660
**Description**
The issue is a time-based blind SQL injection vulnerability. Specifically, the `haid` parameter of the "/auditLogAction.do" module is vulnerable.
**Recommendations**
For versions prior to 14.6 Build 14660, update to version 14.6 Build 14660 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/auditLogAction.do" module to minimize the risk of exploitation. Avoid using the `haid` parameter in the affected module until the issue is resolved.
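To check whether the temporary workaround is holding, the following added example (not part of the original advisory or of the vendor's code) audits web access logs for requests to "/auditLogAction.do" that come from outside a management allowlist or that carry the `haid` parameter. The Common Log Format layout, the allowlisted network and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions (not from the advisory): access logs in Common/Combined Log
# Format, and an administrator-defined allowlist of management networks.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # constructed value
TARGET_PATH = "/auditLogAction.do"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines, not taken from any real system.
SAMPLE_LOG = """\
10.20.0.5 - admin [12/Aug/2017:10:01:02 +0000] "GET /auditLogAction.do HTTP/1.1" 200 5120
10.20.0.5 - admin [12/Aug/2017:10:01:09 +0000] "GET /auditLogAction.do?haid=10000042 HTTP/1.1" 200 4980
203.0.113.77 - - [12/Aug/2017:10:02:30 +0000] "GET /auditLogAction.do;jsessionid=ABC?haid=CONSTRUCTED%20VALUE HTTP/1.1" 200 4980
203.0.113.77 - - [12/Aug/2017:10:02:31 +0000] "GET /index.do HTTP/1.1" 200 900
this line is malformed and must be skipped
"""


def audit(log_text):
    """Return (ip, timestamp, reasons) for requests that bypass the workaround."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: ignore rather than crash
        try:
            parts = urlsplit(m["url"])
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        # Drop path parameters such as ";jsessionid=..." before comparing.
        if parts.path.split(";", 1)[0] != TARGET_PATH:
            continue
        reasons = []
        if not any(ip in net for net in ALLOWED_NETS):
            reasons.append("source outside allowlist")
        if "haid" in parse_qs(parts.query, keep_blank_values=True):
            reasons.append("haid parameter present")
        if reasons:
            findings.append((m["ip"], m["ts"], reasons))
    return findings


if __name__ == "__main__":
    for ip, ts, reasons in audit(SAMPLE_LOG):
        print(f"{ts} {ip}: {', '.join(reasons)}")
```

The check only inspects the request line, so a `haid` value sent in a POST body will not appear here unless the server also logs request bodies.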