CVE-2020-15533 — SQL Injection in Manageengine Applications Manager

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

11.4%

top 6.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Applications Manager

Timeline

PublishedOct 1

Latest updateMay 24

Description

In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_applications_manager< 14.6+2

🔴Vulnerability Details

GHSA

GHSA-4w4c-gwj8-5ff9: In Zoho ManageEngine Application Manager 14↗2022-05-24

▶

CVEList

CVE-2020-15533: In Zoho ManageEngine Application Manager 14↗2020-10-01

▶