What is the severity of CVE-2020-15394?

CVE-2020-15394 is considered a critical vulnerability due to its potential for unauthenticated SQL injection leading to remote code execution.

How do I fix CVE-2020-15394?

To fix CVE-2020-15394, upgrade to Zoho ManageEngine Applications Manager build 14740 or later.

What are the potential impacts of CVE-2020-15394?

The potential impacts of CVE-2020-15394 include unauthorized access to the system, data theft, and complete control over the affected application.

Can CVE-2020-15394 be exploited remotely?

Yes, CVE-2020-15394 can be exploited remotely without authentication.

Which applications are affected by CVE-2020-15394?

CVE-2020-15394 affects all versions of Zoho ManageEngine Applications Manager prior to build 14740.

Vulnerability/
CVE-2020-15394

critical

9.8

CWE

25/9/2020

4/8/2024

CVE-2020-15394: SQL Injection

First published: Fri Sep 25 2020(Updated: )

The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ManageEngine Applications Manager	<14.0
ManageEngine Applications Manager	=14.0
ManageEngine Applications Manager	=14.0-build14000
ManageEngine Applications Manager	=14.0-build14010
ManageEngine Applications Manager	=14.0-build14020
ManageEngine Applications Manager	=14.0-build14030
ManageEngine Applications Manager	=14.0-build14040
ManageEngine Applications Manager	=14.0-build14050
ManageEngine Applications Manager	=14.0-build14060
ManageEngine Applications Manager	=14.0-build14070
ManageEngine Applications Manager	=14.0-build14071
ManageEngine Applications Manager	=14.0-build14072
ManageEngine Applications Manager	=14.0-build14073
ManageEngine Applications Manager	=14.0-build14080
ManageEngine Applications Manager	=14.0-build14090
ManageEngine Applications Manager	=14.0-build14100
ManageEngine Applications Manager	=14.0-build14110
ManageEngine Applications Manager	=14.0-build14120
ManageEngine Applications Manager	=14.0-build14130
ManageEngine Applications Manager	=14.0-build14140
ManageEngine Applications Manager	=14.0-build14150
ManageEngine Applications Manager	=14.0-build14160
ManageEngine Applications Manager	=14.0-build14170
ManageEngine Applications Manager	=14.0-build14180
ManageEngine Applications Manager	=14.0-build14190
ManageEngine Applications Manager	=14.0-build14200
ManageEngine Applications Manager	=14.0-build14210
ManageEngine Applications Manager	=14.0-build14220
ManageEngine Applications Manager	=14.0-build14230
ManageEngine Applications Manager	=14.0-build14240
ManageEngine Applications Manager	=14.0-build14250
ManageEngine Applications Manager	=14.0-build14260
ManageEngine Applications Manager	=14.0-build14261
ManageEngine Applications Manager	=14.0-build14262
ManageEngine Applications Manager	=14.0-build14270
ManageEngine Applications Manager	=14.0-build14280
ManageEngine Applications Manager	=14.0-build14290
ManageEngine Applications Manager	=14.0-build14300
ManageEngine Applications Manager	=14.0-build14310
ManageEngine Applications Manager	=14.0-build14330
ManageEngine Applications Manager	=14.0-build14331
ManageEngine Applications Manager	=14.0-build14332
ManageEngine Applications Manager	=14.0-build14340
ManageEngine Applications Manager	=14.0-build14350
ManageEngine Applications Manager	=14.0-build14360
ManageEngine Applications Manager	=14.0-build14361
ManageEngine Applications Manager	=14.0-build14370
ManageEngine Applications Manager	=14.0-build14380
ManageEngine Applications Manager	=14.0-build14390
ManageEngine Applications Manager	=14.0-build14400
ManageEngine Applications Manager	=14.0-build14401
ManageEngine Applications Manager	=14.0-build14410
ManageEngine Applications Manager	=14.0-build14420
ManageEngine Applications Manager	=14.0-build14430
ManageEngine Applications Manager	=14.0-build14440
ManageEngine Applications Manager	=14.0-build14450
ManageEngine Applications Manager	=14.0-build14460
ManageEngine Applications Manager	=14.0-build14470
ManageEngine Applications Manager	=14.0-build14480
ManageEngine Applications Manager	=14.0-build14490
ManageEngine Applications Manager	=14.0-build14500
ManageEngine Applications Manager	=14.0-build14510
ManageEngine Applications Manager	=14.0-build14520
ManageEngine Applications Manager	=14.0-build14530
ManageEngine Applications Manager	=14.0-build14531
ManageEngine Applications Manager	=14.0-build14532
ManageEngine Applications Manager	=14.0-build14533
ManageEngine Applications Manager	=14.0-build14540
ManageEngine Applications Manager	=14.0-build14550
ManageEngine Applications Manager	=14.0-build14560
ManageEngine Applications Manager	=14.0-build14570
ManageEngine Applications Manager	=14.0-build14580
ManageEngine Applications Manager	=14.0-build14590
ManageEngine Applications Manager	=14.0-build14600
ManageEngine Applications Manager	=14.0-build14610
ManageEngine Applications Manager	=14.0-build14620
ManageEngine Applications Manager	=14.0-build14630
ManageEngine Applications Manager	=14.0-build14660
ManageEngine Applications Manager	=14.0-build14670
ManageEngine Applications Manager	=14.0-build14681
ManageEngine Applications Manager	=14.0-build14682
ManageEngine Applications Manager	=14.0-build14683
ManageEngine Applications Manager	=14.0-build14684
ManageEngine Applications Manager	=14.0-build14685
ManageEngine Applications Manager	=14.0-build14690
ManageEngine Applications Manager	=14.0-build14700
ManageEngine Applications Manager	=14.0-build14710
ManageEngine Applications Manager	=14.0-build14720
ManageEngine Applications Manager	=14.0-build14730

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-15394?
CVE-2020-15394 is considered a critical vulnerability due to its potential for unauthenticated SQL injection leading to remote code execution.
How do I fix CVE-2020-15394?
To fix CVE-2020-15394, upgrade to Zoho ManageEngine Applications Manager build 14740 or later.
What are the potential impacts of CVE-2020-15394?
The potential impacts of CVE-2020-15394 include unauthorized access to the system, data theft, and complete control over the affected application.
Can CVE-2020-15394 be exploited remotely?
Yes, CVE-2020-15394 can be exploited remotely without authentication.
Which applications are affected by CVE-2020-15394?
CVE-2020-15394 affects all versions of Zoho ManageEngine Applications Manager prior to build 14740.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/references
agent/last-modified-date
agent/event
agent/first-publish-date
agent/description
agent/weakness
agent/softwarecombine
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/zohocorp
canonical/manageengine applications manager
version/manageengine applications manager/14.0
version/manageengine applications manager/14.0-build14000
version/manageengine applications manager/14.0-build14010
version/manageengine applications manager/14.0-build14020
version/manageengine applications manager/14.0-build14030
version/manageengine applications manager/14.0-build14040
version/manageengine applications manager/14.0-build14050
version/manageengine applications manager/14.0-build14060
version/manageengine applications manager/14.0-build14070
version/manageengine applications manager/14.0-build14071
version/manageengine applications manager/14.0-build14072
version/manageengine applications manager/14.0-build14073
version/manageengine applications manager/14.0-build14080
version/manageengine applications manager/14.0-build14090
version/manageengine applications manager/14.0-build14100
version/manageengine applications manager/14.0-build14110
version/manageengine applications manager/14.0-build14120
version/manageengine applications manager/14.0-build14130
version/manageengine applications manager/14.0-build14140
version/manageengine applications manager/14.0-build14150
version/manageengine applications manager/14.0-build14160
version/manageengine applications manager/14.0-build14170
version/manageengine applications manager/14.0-build14180
version/manageengine applications manager/14.0-build14190
version/manageengine applications manager/14.0-build14200
version/manageengine applications manager/14.0-build14210
version/manageengine applications manager/14.0-build14220
version/manageengine applications manager/14.0-build14230
version/manageengine applications manager/14.0-build14240
version/manageengine applications manager/14.0-build14250
version/manageengine applications manager/14.0-build14260
version/manageengine applications manager/14.0-build14261
version/manageengine applications manager/14.0-build14262
version/manageengine applications manager/14.0-build14270
version/manageengine applications manager/14.0-build14280
version/manageengine applications manager/14.0-build14290
version/manageengine applications manager/14.0-build14300
version/manageengine applications manager/14.0-build14310
version/manageengine applications manager/14.0-build14330
version/manageengine applications manager/14.0-build14331
version/manageengine applications manager/14.0-build14332
version/manageengine applications manager/14.0-build14340
version/manageengine applications manager/14.0-build14350
version/manageengine applications manager/14.0-build14360
version/manageengine applications manager/14.0-build14361
version/manageengine applications manager/14.0-build14370
version/manageengine applications manager/14.0-build14380
version/manageengine applications manager/14.0-build14390
version/manageengine applications manager/14.0-build14400
version/manageengine applications manager/14.0-build14401
version/manageengine applications manager/14.0-build14410
version/manageengine applications manager/14.0-build14420
version/manageengine applications manager/14.0-build14430
version/manageengine applications manager/14.0-build14440
version/manageengine applications manager/14.0-build14450
version/manageengine applications manager/14.0-build14460
version/manageengine applications manager/14.0-build14470
version/manageengine applications manager/14.0-build14480
version/manageengine applications manager/14.0-build14490
version/manageengine applications manager/14.0-build14500
version/manageengine applications manager/14.0-build14510
version/manageengine applications manager/14.0-build14520
version/manageengine applications manager/14.0-build14530
version/manageengine applications manager/14.0-build14531
version/manageengine applications manager/14.0-build14532
version/manageengine applications manager/14.0-build14533
version/manageengine applications manager/14.0-build14540
version/manageengine applications manager/14.0-build14550
version/manageengine applications manager/14.0-build14560
version/manageengine applications manager/14.0-build14570
version/manageengine applications manager/14.0-build14580
version/manageengine applications manager/14.0-build14590
version/manageengine applications manager/14.0-build14600
version/manageengine applications manager/14.0-build14610
version/manageengine applications manager/14.0-build14620
version/manageengine applications manager/14.0-build14630
version/manageengine applications manager/14.0-build14660
version/manageengine applications manager/14.0-build14670
version/manageengine applications manager/14.0-build14681
version/manageengine applications manager/14.0-build14682
version/manageengine applications manager/14.0-build14683
version/manageengine applications manager/14.0-build14684
version/manageengine applications manager/14.0-build14685
version/manageengine applications manager/14.0-build14690
version/manageengine applications manager/14.0-build14700
version/manageengine applications manager/14.0-build14710
version/manageengine applications manager/14.0-build14720
version/manageengine applications manager/14.0-build14730