CVE-2017-11738

CWE-89: SQL Injection | 3 documents | 3 sources
Severity: 8.1 HIGH
EPSS: 0.8% (top 25.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 23; Latest update May 24

Description

In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages: 1 package

Vulnerability Details (2)

GHSA: GHSA-6492-5m8p-9p4g: In Zoho ManageEngine Application Manager 13 (2022-05-24)
CVEList: CVE-2017-11738: In Zoho ManageEngine Application Manager prior to 14 (2019-05-23)