CWE-287

CVE-2020-24786

First published: Mon Aug 31 2020

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.

Credit: cve@mitre.org

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| Zohocorp Manageengine Adselfservice Plus | <=5.7 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5800 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5801 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5802 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5803 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5804 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5805 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5806 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5807 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5808 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5809 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5810 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5811 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5812 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5813 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5814 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5815 | |
| Zohocorp Manageengine Adselfservice Plus | =5.8-5816 | |
| Zohocorp ManageEngine Exchange Reporter Plus | <=5.4 | |
| Zohocorp ManageEngine Exchange Reporter Plus | =5.5-5500 | |
| Zohocorp ManageEngine Exchange Reporter Plus | =5.5-5501 | |
| Zohocorp ManageEngine Exchange Reporter Plus | =5.5-5502 | |
| Zohocorp ManageEngine Exchange Reporter Plus | =5.5-5503 | |
| Zohocorp ManageEngine Exchange Reporter Plus | =5.5-5504 | |
| Zohocorp Manageengine Ad360 | <=4.1 | |
| Zohocorp Manageengine Ad360 | =4.2-4200 | |
| Zohocorp Manageengine Ad360 | =4.2-4201 | |
| Zohocorp Manageengine Ad360 | =4.2-4202 | |
| Zohocorp Manageengine Ad360 | =4.2-4203 | |
| Zohocorp Manageengine Ad360 | =4.2-4204 | |
| Zohocorp Manageengine Ad360 | =4.2-4205 | |
| Zohocorp Manageengine Ad360 | =4.2-4206 | |
| Zohocorp Manageengine Ad360 | =4.2-4207 | |
| Zohocorp Manageengine Ad360 | =4.2-4208 | |
| Zohocorp Manageengine Ad360 | =4.2-4209 | |
| Zohocorp Manageengine Ad360 | =4.2-4210 | |
| Zohocorp Manageengine Ad360 | =4.2-4212 | |
| Zohocorp Manageengine Ad360 | =4.2-4213 | |
| Zohocorp Manageengine Ad360 | =4.2-4214 | |
| Zohocorp Manageengine Ad360 | =4.2-4215 | |
| Zohocorp Manageengine Ad360 | =4.2-4216 | |
| Zohocorp Manageengine Ad360 | =4.2-4217 | |
| Zohocorp Manageengine Ad360 | =4.2-4219 | |
| Zohocorp Manageengine Ad360 | =4.2-4220 | |
| Zohocorp Manageengine Ad360 | =4.2-4222 | |
| Zohocorp Manageengine Ad360 | =4.2-4223 | |
| Zohocorp Manageengine Ad360 | =4.2-4224 | |
| Zohocorp Manageengine Ad360 | =4.2-4225 | |
| Zohocorp Manageengine Ad360 | =4.2-4227 | |
| Zohocorp Manageengine Datasecurity Plus | <=5.0 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6000 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6001 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6002 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6003 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6010 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6011 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6012 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6013 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6020 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6021 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6030 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6031 | |
| Zohocorp Manageengine Datasecurity Plus | =6.0-6032 | |
| Zohocorp Manageengine Recovermanager Plus | <=5.4 | |
| Zohocorp Manageengine Recovermanager Plus | =6.0-6001 | |
| Zohocorp Manageengine Recovermanager Plus | =6.0-6003 | |
| Zohocorp Manageengine Recovermanager Plus | =6.0-6005 | |
| Zohocorp Manageengine Recovermanager Plus | =6.0-6011 | |
| Zohocorp Manageengine Recovermanager Plus | =6.0-6016 | |
| Zohocorp Manageengine Eventlog Analyzer | <=12.1.2 | |
| Zohocorp Manageengine Eventlog Analyzer | =12.1.3-12130 | |
| Zohocorp Manageengine Eventlog Analyzer | =12.1.3-12135 | |
| Zohocorp ManageEngine ADAudit Plus | <=5.1 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6000 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6001 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6002 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6003 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6010 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6030 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6031 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6032 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6033 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6050 | |
| Zohocorp ManageEngine ADAudit Plus | =6.0-6052 | |
| Zohocorp Manageengine O365 Manager Plus | <=4.2 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4300 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4301 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4302 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4303 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4304 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4305 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4306 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4308 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4309 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4310 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4311 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4312 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4316 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4317 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4318 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4319 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4320 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4321 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4322 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4324 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4325 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4327 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4328 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4329 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4330 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4331 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4332 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4333 | |
| Zohocorp Manageengine O365 Manager Plus | =4.3-4334 | |
| Zohocorp Manageengine Cloud Security Plus | <=4.0 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4100 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4101 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4102 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4103 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4104 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4105 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4106 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4107 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4108 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4109 | |
| Zohocorp ManageEngine ADManager Plus | <=6.6 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7000 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7010 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7011 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7020 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7030 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7040 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7041 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7050 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7051 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7052 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7053 | |
| Zohocorp ManageEngine ADManager Plus | =7.0-7054 | |
| Zohocorp Manageengine Log360 | <=5.0 | |
| Zohocorp Manageengine Log360 | =5.1-5100 | |
| Zohocorp Manageengine Log360 | =5.1-5102 | |
| Zohocorp Manageengine Log360 | =5.1-5107 | |
| Zohocorp Manageengine Log360 | =5.1-5108 | |
| Zohocorp Manageengine Log360 | =5.1-5110 | |
| Zohocorp Manageengine Log360 | =5.1-5111 | |
| Zohocorp Manageengine Log360 | =5.1-5120 | |
| Zohocorp Manageengine Log360 | =5.1-5150 | |
| Zohocorp Manageengine Log360 | =5.1-5154 | |
| Zohocorp Manageengine Log360 | =5.1-5155 | |
| Zohocorp Manageengine Log360 | =5.1-5160 | |
| Zohocorp Manageengine Log360 | =5.1-5164 | |
