CVE-2020-14008: Malicious File Upload
First published: Fri Sep 04 2020(Updated: )
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ManageEngine Applications Manager | <=13.0 | |
| ManageEngine Applications Manager | =14.0 | |
| ManageEngine Applications Manager | =14.0-build14000 | |
| ManageEngine Applications Manager | =14.0-build14010 | |
| ManageEngine Applications Manager | =14.0-build14020 | |
| ManageEngine Applications Manager | =14.0-build14030 | |
| ManageEngine Applications Manager | =14.0-build14040 | |
| ManageEngine Applications Manager | =14.0-build14050 | |
| ManageEngine Applications Manager | =14.0-build14060 | |
| ManageEngine Applications Manager | =14.0-build14070 | |
| ManageEngine Applications Manager | =14.0-build14071 | |
| ManageEngine Applications Manager | =14.0-build14072 | |
| ManageEngine Applications Manager | =14.0-build14073 | |
| ManageEngine Applications Manager | =14.0-build14080 | |
| ManageEngine Applications Manager | =14.0-build14090 | |
| ManageEngine Applications Manager | =14.0-build14100 | |
| ManageEngine Applications Manager | =14.0-build14110 | |
| ManageEngine Applications Manager | =14.0-build14120 | |
| ManageEngine Applications Manager | =14.0-build14130 | |
| ManageEngine Applications Manager | =14.0-build14140 | |
| ManageEngine Applications Manager | =14.0-build14150 | |
| ManageEngine Applications Manager | =14.0-build14160 | |
| ManageEngine Applications Manager | =14.0-build14170 | |
| ManageEngine Applications Manager | =14.0-build14180 | |
| ManageEngine Applications Manager | =14.0-build14190 | |
| ManageEngine Applications Manager | =14.0-build14200 | |
| ManageEngine Applications Manager | =14.0-build14210 | |
| ManageEngine Applications Manager | =14.0-build14220 | |
| ManageEngine Applications Manager | =14.0-build14230 | |
| ManageEngine Applications Manager | =14.0-build14240 | |
| ManageEngine Applications Manager | =14.0-build14250 | |
| ManageEngine Applications Manager | =14.0-build14260 | |
| ManageEngine Applications Manager | =14.0-build14261 | |
| ManageEngine Applications Manager | =14.0-build14262 | |
| ManageEngine Applications Manager | =14.0-build14270 | |
| ManageEngine Applications Manager | =14.0-build14280 | |
| ManageEngine Applications Manager | =14.0-build14290 | |
| ManageEngine Applications Manager | =14.0-build14300 | |
| ManageEngine Applications Manager | =14.0-build14310 | |
| ManageEngine Applications Manager | =14.0-build14330 | |
| ManageEngine Applications Manager | =14.0-build14331 | |
| ManageEngine Applications Manager | =14.0-build14332 | |
| ManageEngine Applications Manager | =14.0-build14340 | |
| ManageEngine Applications Manager | =14.0-build14350 | |
| ManageEngine Applications Manager | =14.0-build14360 | |
| ManageEngine Applications Manager | =14.0-build14361 | |
| ManageEngine Applications Manager | =14.0-build14370 | |
| ManageEngine Applications Manager | =14.0-build14380 | |
| ManageEngine Applications Manager | =14.0-build14390 | |
| ManageEngine Applications Manager | =14.0-build14400 | |
| ManageEngine Applications Manager | =14.0-build14401 | |
| ManageEngine Applications Manager | =14.0-build14410 | |
| ManageEngine Applications Manager | =14.0-build14420 | |
| ManageEngine Applications Manager | =14.0-build14430 | |
| ManageEngine Applications Manager | =14.0-build14440 | |
| ManageEngine Applications Manager | =14.0-build14450 | |
| ManageEngine Applications Manager | =14.0-build14460 | |
| ManageEngine Applications Manager | =14.0-build14470 | |
| ManageEngine Applications Manager | =14.0-build14480 | |
| ManageEngine Applications Manager | =14.0-build14490 | |
| ManageEngine Applications Manager | =14.0-build14500 | |
| ManageEngine Applications Manager | =14.0-build14510 | |
| ManageEngine Applications Manager | =14.0-build14520 | |
| ManageEngine Applications Manager | =14.0-build14530 | |
| ManageEngine Applications Manager | =14.0-build14531 | |
| ManageEngine Applications Manager | =14.0-build14532 | |
| ManageEngine Applications Manager | =14.0-build14533 | |
| ManageEngine Applications Manager | =14.0-build14540 | |
| ManageEngine Applications Manager | =14.0-build14550 | |
| ManageEngine Applications Manager | =14.0-build14560 | |
| ManageEngine Applications Manager | =14.0-build14570 | |
| ManageEngine Applications Manager | =14.0-build14580 | |
| ManageEngine Applications Manager | =14.0-build14590 | |
| ManageEngine Applications Manager | =14.0-build14600 | |
| ManageEngine Applications Manager | =14.0-build14610 | |
| ManageEngine Applications Manager | =14.0-build14620 | |
| ManageEngine Applications Manager | =14.0-build14630 | |
| ManageEngine Applications Manager | =14.0-build14660 | |
| ManageEngine Applications Manager | =14.0-build14670 | |
| ManageEngine Applications Manager | =14.0-build14681 | |
| ManageEngine Applications Manager | =14.0-build14682 | |
| ManageEngine Applications Manager | =14.0-build14683 | |
| ManageEngine Applications Manager | =14.0-build14684 | |
| ManageEngine Applications Manager | =14.0-build14685 | |
| ManageEngine Applications Manager | =14.0-build14690 | |
| ManageEngine Applications Manager | =14.0-build14700 | |
| ManageEngine Applications Manager | =14.0-build14710 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-14008?
CVE-2020-14008 has a high severity rating due to its potential for remote code execution by an authenticated user.
How do I fix CVE-2020-14008?
To fix CVE-2020-14008, upgrade Zoho ManageEngine Applications Manager to version 14.0 build 14730 or later.
Who is affected by CVE-2020-14008?
CVE-2020-14008 affects multiple versions of Zoho ManageEngine Applications Manager, specifically versions prior to 14.0 build 14730.
What type of vulnerability is CVE-2020-14008?
CVE-2020-14008 is a remote code execution vulnerability that can be exploited by an authenticated administrator.
Can CVE-2020-14008 be exploited without authentication?
No, CVE-2020-14008 requires authentication as an admin user to exploit the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/manageengine applications manager
- version/manageengine applications manager/13.0
- version/manageengine applications manager/14.0
- version/manageengine applications manager/14.0-build14000
- version/manageengine applications manager/14.0-build14010
- version/manageengine applications manager/14.0-build14020
- version/manageengine applications manager/14.0-build14030
- version/manageengine applications manager/14.0-build14040
- version/manageengine applications manager/14.0-build14050
- version/manageengine applications manager/14.0-build14060
- version/manageengine applications manager/14.0-build14070
- version/manageengine applications manager/14.0-build14071
- version/manageengine applications manager/14.0-build14072
- version/manageengine applications manager/14.0-build14073
- version/manageengine applications manager/14.0-build14080
- version/manageengine applications manager/14.0-build14090
- version/manageengine applications manager/14.0-build14100
- version/manageengine applications manager/14.0-build14110
- version/manageengine applications manager/14.0-build14120
- version/manageengine applications manager/14.0-build14130
- version/manageengine applications manager/14.0-build14140
- version/manageengine applications manager/14.0-build14150
- version/manageengine applications manager/14.0-build14160
- version/manageengine applications manager/14.0-build14170
- version/manageengine applications manager/14.0-build14180
- version/manageengine applications manager/14.0-build14190
- version/manageengine applications manager/14.0-build14200
- version/manageengine applications manager/14.0-build14210
- version/manageengine applications manager/14.0-build14220
- version/manageengine applications manager/14.0-build14230
- version/manageengine applications manager/14.0-build14240
- version/manageengine applications manager/14.0-build14250
- version/manageengine applications manager/14.0-build14260
- version/manageengine applications manager/14.0-build14261
- version/manageengine applications manager/14.0-build14262
- version/manageengine applications manager/14.0-build14270
- version/manageengine applications manager/14.0-build14280
- version/manageengine applications manager/14.0-build14290
- version/manageengine applications manager/14.0-build14300
- version/manageengine applications manager/14.0-build14310
- version/manageengine applications manager/14.0-build14330
- version/manageengine applications manager/14.0-build14331
- version/manageengine applications manager/14.0-build14332
- version/manageengine applications manager/14.0-build14340
- version/manageengine applications manager/14.0-build14350
- version/manageengine applications manager/14.0-build14360
- version/manageengine applications manager/14.0-build14361
- version/manageengine applications manager/14.0-build14370
- version/manageengine applications manager/14.0-build14380
- version/manageengine applications manager/14.0-build14390
- version/manageengine applications manager/14.0-build14400
- version/manageengine applications manager/14.0-build14401
- version/manageengine applications manager/14.0-build14410
- version/manageengine applications manager/14.0-build14420
- version/manageengine applications manager/14.0-build14430
- version/manageengine applications manager/14.0-build14440
- version/manageengine applications manager/14.0-build14450
- version/manageengine applications manager/14.0-build14460
- version/manageengine applications manager/14.0-build14470
- version/manageengine applications manager/14.0-build14480
- version/manageengine applications manager/14.0-build14490
- version/manageengine applications manager/14.0-build14500
- version/manageengine applications manager/14.0-build14510
- version/manageengine applications manager/14.0-build14520
- version/manageengine applications manager/14.0-build14530
- version/manageengine applications manager/14.0-build14531
- version/manageengine applications manager/14.0-build14532
- version/manageengine applications manager/14.0-build14533
- version/manageengine applications manager/14.0-build14540
- version/manageengine applications manager/14.0-build14550
- version/manageengine applications manager/14.0-build14560
- version/manageengine applications manager/14.0-build14570
- version/manageengine applications manager/14.0-build14580
- version/manageengine applications manager/14.0-build14590
- version/manageengine applications manager/14.0-build14600
- version/manageengine applications manager/14.0-build14610
- version/manageengine applications manager/14.0-build14620
- version/manageengine applications manager/14.0-build14630
- version/manageengine applications manager/14.0-build14660
- version/manageengine applications manager/14.0-build14670
- version/manageengine applications manager/14.0-build14681
- version/manageengine applications manager/14.0-build14682
- version/manageengine applications manager/14.0-build14683
- version/manageengine applications manager/14.0-build14684
- version/manageengine applications manager/14.0-build14685
- version/manageengine applications manager/14.0-build14690
- version/manageengine applications manager/14.0-build14700
- version/manageengine applications manager/14.0-build14710