First published: Wed Dec 11 2019
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | <13.7 | |
The severity of CVE-2019-19649 is critical with a severity value of 9.8.
CVE-2019-19649 affects Zoho ManageEngine Applications Manager before version 13.7.
The vulnerability type of CVE-2019-19649 is SQL injection.
A remote, unauthenticated attacker can exploit CVE-2019-19649 by injecting SQL through the eventid parameter of SyncEventServlet.
Yes, a patch is available for CVE-2019-19649. Users should update to version 13.7 or later of Zoho ManageEngine Applications Manager.