PT-2021-11071 · Zoho · Zoho ManageEngine Applications Manager

Published: 2021-11-03 · Updated: 2021-11-05 · CVE-2020-24743

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Applications Manager versions up to 14550
Description: An issue was found in the "/showReports.do" endpoint of Zoho ManageEngine Applications Manager, allowing attackers to gain escalated privileges via the resourceid parameter.
Recommendations: For versions up to 14550, consider restricting access to the "/showReports.do" endpoint until a fix is available. As a temporary workaround, avoid using the resourceid parameter in the affected endpoint to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2020-24743

Affected Products

Zoho ManageEngine Applications Manager