CVE-2020-35765

HIGH

8.8

Beschreibung

doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.

CVE Details

CVSS v3.1 Bewertung8.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht2/5/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

zohocorp:manageengine_applications_manager

Schwachen (CWE)

CWE-89

Referenzen

https://www.manageengine.com(cve@mitre.org)

https://www.manageengine.com/products/applications_manager/issues.html#v15000(cve@mitre.org)

https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html(cve@mitre.org)

https://www.tenable.com/security/research/tra-2021-02(cve@mitre.org)

https://www.manageengine.com(af854a3a-2127-422b-91ae-364da2661108)

https://www.manageengine.com/products/applications_manager/issues.html#v15000(af854a3a-2127-422b-91ae-364da2661108)

https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.tenable.com/security/research/tra-2021-02(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.