PT-2022-8906 · Zoho · Zoho Manageengine Applications Manager

Published

2022-01-10

Updated

2022-01-19

CVE-2020-28679

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Applications Manager versions prior to build 14550

Description A vulnerability in the showReports module allows authenticated attackers to execute a SQL injection via a crafted request.

Recommendations For versions prior to build 14550, update to build 14550 or later to resolve the issue. As a temporary workaround, consider restricting access to the showReports module to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-28679

Affected Products

Zoho Manageengine Applications Manager

PT-2022-8906 · Zoho · Zoho Manageengine Applications Manager

CVE-2020-28679

Weakness Enumeration

Related Identifiers

Affected Products

References · 4