First published: Fri Feb 05 2021
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | <14.9 | |
Zohocorp ManageEngine Applications Manager | =14.9 | |
Zohocorp ManageEngine Applications Manager | =14.9-build14900 | |
Zohocorp ManageEngine Applications Manager | =14.9-build14910 | |
Zohocorp ManageEngine Applications Manager | =14.9-build14911 | |
Zohocorp ManageEngine Applications Manager | =14.9-build14930 | |
The severity of CVE-2020-35765 is high with a CVSS score of 8.8.
CVE-2020-35765 is an authenticated SQL injection vulnerability in Zoho ManageEngine Applications Manager 14.9. The flaw is in the 'doFilter' function of 'com.adventnet.appmanager.filter.UriCollector' and is reached through the 'resourceid' parameter of 'showresource.do'.
Zoho ManageEngine Applications Manager versions 14.9 to 14.9-build14930 are affected by CVE-2020-35765.
To mitigate CVE-2020-35765, upgrade Zoho ManageEngine Applications Manager to version 14.9-build15000 or apply the appropriate security update provided by ManageEngine.
You can find more information about CVE-2020-35765 on the ManageEngine website.