CVE-2020-35765

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Applications Manager versions through 14930

Description: The issue allows an authenticated SQL Injection via the resourceid parameter to "showresource.do". This affects the doFilter function in com.adventnet.appmanager.filter.UriCollector.

Recommendations: For versions through 14930, consider restricting access to the showresource.do endpoint until a patch is available. As a temporary workaround, avoid using the resourceid parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.