PT-2020-5327 · Zoho · Zoho Manageengine Applications Manager

Vu Van Tien · Published 2020-10-06 · Updated 2020-10-14 · CVE-2020-15927

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine Applications Manager version 14740 and prior

Description

Zoho ManageEngine Applications Manager does not protect the structure of its SQL queries against manipulation (SQL injection). A remote attacker can exploit this with a crafted JSP request in the SAP module to execute arbitrary SQL queries.

Recommendations

For Zoho ManageEngine Applications Manager version 14740 and prior, update to a version later than 14740 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

BDU:2021-00105
CVE-2020-15927

Affected Products

Zoho Manageengine Applications Manager