First published: Thu Oct 01 2020(Updated: )
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | <14.6 | |
Zohocorp ManageEngine Applications Manager | =14.6 | |
Zohocorp ManageEngine Applications Manager | =14.6-build14680 | |
Zohocorp ManageEngine Applications Manager | =14.6-build14681 | |
Zohocorp ManageEngine Applications Manager | =14.6-build14682 | |
Zohocorp ManageEngine Applications Manager | =14.6-build14683 | |
Zohocorp ManageEngine Applications Manager | =14.6-build14690 | |
Zohocorp ManageEngine Applications Manager | =14.7 | |
Zohocorp ManageEngine Applications Manager | =14.7-build14700 | |
Zohocorp ManageEngine Applications Manager | =14.7-build14710 | |
Zohocorp ManageEngine Applications Manager | =14.7-build14720 | |
Zohocorp ManageEngine Applications Manager | =14.7-build14730 | |
Zohocorp ManageEngine Applications Manager | =14.7-build14740 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-15533.
The severity of CVE-2020-15533 is critical with a severity value of 9.8.
Zohocorp Manageengine Applications Manager versions 14.6 and 14.7 (builds 14680 to 14683, and builds 14689 to 14750) are affected by CVE-2020-15533.
An attacker can exploit CVE-2020-15533 through an unauthenticated SQL injection attack on the AlarmEscalation module in Zoho ManageEngine Application Manager.
You can find more information about CVE-2020-15533 on the Zoho ManageEngine website.