PT-2020-13836 · Zoho · Zoho ManageEngine Applications Manager

Published: 2020-09-04 · Updated: 2020-09-16 · CVE-2020-14008

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine Applications Manager versions 14710 and before

Description

The issue allows an authenticated admin user to upload a vulnerable jar in a specific location, leading to remote code execution.

Recommendations

For versions 14710 and before, consider restricting access to the jar upload functionality until a patch is available. As a temporary workaround, limit administrative access to minimize the risk of exploitation.

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2020-14008

Affected Products

Zoho ManageEngine Applications Manager