Search criteria
165 vulnerabilities found for manageengine_applications_manager by zohocorp
FKIE_CVE-2025-6239
Vulnerability from fkie_nvd - Published: 2025-10-21 13:15 - Updated: 2025-10-24 12:52
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9849F40C-2B7F-4A4E-A520-FB0291FD8CC4",
"versionEndExcluding": "17.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:-:*:*:*:*:*:*",
"matchCriteriaId": "78456091-5D65-4C1A-AF64-0EDABCCB31ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176100:*:*:*:*:*:*",
"matchCriteriaId": "A7C5FE53-9616-403C-89ED-E055C627188E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176200:*:*:*:*:*:*",
"matchCriteriaId": "FFCE0A93-9D70-44DB-BF90-85BCD7B80E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176300:*:*:*:*:*:*",
"matchCriteriaId": "18C855DE-A54A-4FD1-B803-D6F4E3FF4FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176500:*:*:*:*:*:*",
"matchCriteriaId": "81D273F6-5610-400A-BCEE-2477AF229840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176600:*:*:*:*:*:*",
"matchCriteriaId": "397E6A6F-FEFF-420C-B0D4-098AA9C03B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176700:*:*:*:*:*:*",
"matchCriteriaId": "5834FB95-AC4C-4CEF-9CEE-D771A112B0C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176800:*:*:*:*:*:*",
"matchCriteriaId": "29E2AAE7-7AD3-4896-8582-0FA675E88FE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor."
}
],
"id": "CVE-2025-6239",
"lastModified": "2025-10-24T12:52:49.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
}
]
},
"published": "2025-10-21T13:15:36.950",
"references": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2025-6239.html"
}
],
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-27930
Vulnerability from fkie_nvd - Published: 2025-07-23 11:15 - Updated: 2025-09-30 15:03
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9849F40C-2B7F-4A4E-A520-FB0291FD8CC4",
"versionEndExcluding": "17.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:-:*:*:*:*:*:*",
"matchCriteriaId": "78456091-5D65-4C1A-AF64-0EDABCCB31ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176100:*:*:*:*:*:*",
"matchCriteriaId": "A7C5FE53-9616-403C-89ED-E055C627188E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176200:*:*:*:*:*:*",
"matchCriteriaId": "FFCE0A93-9D70-44DB-BF90-85BCD7B80E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176300:*:*:*:*:*:*",
"matchCriteriaId": "18C855DE-A54A-4FD1-B803-D6F4E3FF4FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176500:*:*:*:*:*:*",
"matchCriteriaId": "81D273F6-5610-400A-BCEE-2477AF229840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.6:build176600:*:*:*:*:*:*",
"matchCriteriaId": "397E6A6F-FEFF-420C-B0D4-098AA9C03B43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zohocorp ManageEngine Applications Manager versions\u00a0176600 and prior are vulnerable to stored cross-site scripting in the\u00a0File/Directory monitor."
},
{
"lang": "es",
"value": "Las versiones 176600 y anteriores de Zohocorp ManageEngine Applications Manager son vulnerables a cross-site scripting almacenado en el monitor de archivos y directorios."
}
],
"id": "CVE-2025-27930",
"lastModified": "2025-09-30T15:03:30.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-23T11:15:33.113",
"references": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2025-27930.html"
}
],
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-41140
Vulnerability from fkie_nvd - Published: 2025-01-29 12:15 - Updated: 2025-09-29 18:08
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60B2FA-65D9-4F15-8F36-5BBD328D70E9",
"versionEndExcluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B24E6C3-B81B-4324-A3AF-02B8C5A9CACD",
"versionEndExcluding": "17.3",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6DBF4AD2-F1FA-4397-872D-15F7F0B499ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170000:*:*:*:*:*:*",
"matchCriteriaId": "24D9A360-987B-4631-AC4E-A83C19AC6218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170001:*:*:*:*:*:*",
"matchCriteriaId": "CF0F0C0E-7534-490B-B009-8B24E258D8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170002:*:*:*:*:*:*",
"matchCriteriaId": "FD6375B4-C9BD-44F0-A0B9-2F5CD80EE54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170003:*:*:*:*:*:*",
"matchCriteriaId": "AD694576-88FB-4A79-9A7E-744359439133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170004:*:*:*:*:*:*",
"matchCriteriaId": "719105AD-C4D8-43FD-AF87-2E1F400413E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170005:*:*:*:*:*:*",
"matchCriteriaId": "6AF01C0D-3362-46B0-8D9E-2D54AD6906D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170006:*:*:*:*:*:*",
"matchCriteriaId": "2FB1C60A-13B5-4D35-834D-39D31F07A46E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170007:*:*:*:*:*:*",
"matchCriteriaId": "A0A66F8C-322C-4AE8-A915-85D813028E8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:-:*:*:*:*:*:*",
"matchCriteriaId": "3785344C-D42E-4408-8DA6-05800B17D61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173000:*:*:*:*:*:*",
"matchCriteriaId": "87A0EB98-F81A-4870-8D78-4E6C0B7F06D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173100:*:*:*:*:*:*",
"matchCriteriaId": "26D43D3E-99DA-4BAA-8326-FB0C344CD58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173200:*:*:*:*:*:*",
"matchCriteriaId": "444D1677-D36C-4402-A78B-E719B8EE7C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173300:*:*:*:*:*:*",
"matchCriteriaId": "5AAC7171-AAFC-4308-9181-22B4C9E92196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173301:*:*:*:*:*:*",
"matchCriteriaId": "3CB9713C-4105-4E98-AC7A-9057B6657329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.3:build173302:*:*:*:*:*:*",
"matchCriteriaId": "09C7E0A0-FE94-4702-9099-3BD1636E99CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zohocorp ManageEngine Applications Manager versions\u00a0174000 and prior are vulnerable to the incorrect authorization in the update user function."
},
{
"lang": "es",
"value": "Las versiones 174000 y anteriores de Zohocorp ManageEngine Applications Manager son vulnerables a la autorizaci\u00f3n incorrecta en la funci\u00f3n de actualizaci\u00f3n de usuario."
}
],
"id": "CVE-2024-41140",
"lastModified": "2025-09-29T18:08:54.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-29T12:15:28.293",
"references": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-41140.html"
}
],
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-5678
Vulnerability from fkie_nvd - Published: 2024-08-01 07:15 - Updated: 2024-08-15 18:05
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Summary
Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to an authenticated, admin-only SQL injection in the Create Monitor feature.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "480B0626-2047-4A6F-8F92-F680D8E2929A",
"versionEndExcluding": "16.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "CE6C088B-F1DF-4F2A-9E3B-4AD087867A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16800:*:*:*:*:*:*",
"matchCriteriaId": "977D742E-A4A3-4197-99CC-86A0630DFC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16810:*:*:*:*:*:*",
"matchCriteriaId": "F007885B-D1CF-49E5-BA5E-95C764B7DEA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16820:*:*:*:*:*:*",
"matchCriteriaId": "EF18E6CE-1D00-4AC6-A0E7-E825B20C27B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16830:*:*:*:*:*:*",
"matchCriteriaId": "F37D024B-09D7-4199-915B-BF0F91306FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16840:*:*:*:*:*:*",
"matchCriteriaId": "1099AC26-DF08-459E-B6DF-31648D40A9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16841:*:*:*:*:*:*",
"matchCriteriaId": "2B119FB2-3AB7-4179-A3D9-237843C7B6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16842:*:*:*:*:*:*",
"matchCriteriaId": "E084E42D-39B6-4F25-87A6-DDC504F1F464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.8:build16843:*:*:*:*:*:*",
"matchCriteriaId": "618F55F5-58E7-4028-B43B-1C9BE8A545F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6DBF4AD2-F1FA-4397-872D-15F7F0B499ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170000:*:*:*:*:*:*",
"matchCriteriaId": "24D9A360-987B-4631-AC4E-A83C19AC6218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170001:*:*:*:*:*:*",
"matchCriteriaId": "CF0F0C0E-7534-490B-B009-8B24E258D8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170100:*:*:*:*:*:*",
"matchCriteriaId": "062BCDE1-D732-4482-B537-99857394F8F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170200:*:*:*:*:*:*",
"matchCriteriaId": "6A6041F0-C3E7-46E6-B38B-8B4487149F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170300:*:*:*:*:*:*",
"matchCriteriaId": "AF8451A5-0CCA-48C7-85A4-DD79A5CA1B5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170400:*:*:*:*:*:*",
"matchCriteriaId": "EAA9B92E-84D6-4AE9-80AB-CFF73D05E4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170500:*:*:*:*:*:*",
"matchCriteriaId": "A853E473-DB79-4605-BEA8-82EAE1481253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170600:*:*:*:*:*:*",
"matchCriteriaId": "5A466A9F-DE75-45F0-9EC5-BAE651E5E491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170700:*:*:*:*:*:*",
"matchCriteriaId": "F9085451-8E09-43C4-9A59-2F46DE8FDCB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170800:*:*:*:*:*:*",
"matchCriteriaId": "0D1BA6B5-E27A-451F-8ABB-7C5C2066FBC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:17.0:build170900:*:*:*:*:*:*",
"matchCriteriaId": "FDEDFF09-0539-4833-9568-8AA868506219",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zohocorp ManageEngine Applications Manager versions\u00a0170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature."
},
{
"lang": "es",
"value": " Zohocorp ManageEngine Applications Manager versiones 170900 e inferiores son vulnerables a la inyecci\u00f3n SQL autenticada solo para administradores en la funci\u00f3n Create Monitor."
}
],
"id": "CVE-2024-5678",
"lastModified": "2024-08-15T18:05:54.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-01T07:15:03.053",
"references": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-5678.html"
}
],
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-38333
Vulnerability from fkie_nvd - Published: 2023-08-10 21:15 - Updated: 2025-03-07 19:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE31108-0BCF-439A-A0A4-6A5E3D317A58",
"versionEndExcluding": "16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:-:*:*:*:*:*:*",
"matchCriteriaId": "9E7A5CB9-A7B8-4ED0-B7B7-A55C9DEA1031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16500:*:*:*:*:*:*",
"matchCriteriaId": "4D81950D-33D9-4BBB-A209-13BC2C74C36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16510:*:*:*:*:*:*",
"matchCriteriaId": "35F55779-23A6-4C21-8A24-DAD73DFDA728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16511:*:*:*:*:*:*",
"matchCriteriaId": "836A8F78-C994-4CE9-A7E8-5D69975D18E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16520:*:*:*:*:*:*",
"matchCriteriaId": "08E9CD04-711B-4062-AE20-00BECCB2AC5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.5:build16530:*:*:*:*:*:*",
"matchCriteriaId": "CCFE6112-8FF3-4E3D-8300-92C54F25B139",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in."
}
],
"id": "CVE-2023-38333",
"lastModified": "2025-03-07T19:15:35.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-08-10T21:15:10.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-29442
Vulnerability from fkie_nvd - Published: 2023-04-26 21:15 - Updated: 2025-02-03 18:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71A91D5D-BA60-4FAC-92D7-DD477399A552",
"versionEndExcluding": "16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16300:*:*:*:*:*:*",
"matchCriteriaId": "725F03D7-8655-4C2C-8BC8-BD81A657E53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16310:*:*:*:*:*:*",
"matchCriteriaId": "716C228E-FEB8-41D3-A290-BA4DB9D51717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16320:*:*:*:*:*:*",
"matchCriteriaId": "C73EC9D6-B2AD-4E68-B429-EBF9EA2A7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16330:*:*:*:*:*:*",
"matchCriteriaId": "6251408C-2192-44E7-A8D8-92EE97BC3D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16340:*:*:*:*:*:*",
"matchCriteriaId": "9F50F891-EA20-4DAC-A100-C80FC455FF15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16350:*:*:*:*:*:*",
"matchCriteriaId": "14969EAF-CDB7-45AE-AAA1-8D7D0C1D04A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16360:*:*:*:*:*:*",
"matchCriteriaId": "1B69B236-6FB4-4142-BAA3-578283DB225D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16361:*:*:*:*:*:*",
"matchCriteriaId": "1A68602E-658B-435E-A456-736C8297ABDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16370:*:*:*:*:*:*",
"matchCriteriaId": "0743D3FA-E17C-4AB4-8821-ECFA8760AA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16380:*:*:*:*:*:*",
"matchCriteriaId": "125F2CA8-EB8C-4863-85AB-B8ABB3A0B6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16390:*:*:*:*:*:*",
"matchCriteriaId": "65477E77-D8C3-428A-89CB-188E456FFFC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS."
}
],
"id": "CVE-2023-29442",
"lastModified": "2025-02-03T18:15:29.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-26T21:15:08.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-28341
Vulnerability from fkie_nvd - Published: 2023-04-11 01:15 - Updated: 2025-02-10 21:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Stored cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious JavaScript on the incorrect login details page.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B59BA41-4B35-4045-93B0-3C680F030E45",
"versionEndExcluding": "16.3",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.9:build15990:*:*:*:*:*:*",
"matchCriteriaId": "F17AAB7B-79D3-4431-917D-83678ACBFAC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16300:*:*:*:*:*:*",
"matchCriteriaId": "725F03D7-8655-4C2C-8BC8-BD81A657E53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16310:*:*:*:*:*:*",
"matchCriteriaId": "716C228E-FEB8-41D3-A290-BA4DB9D51717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16320:*:*:*:*:*:*",
"matchCriteriaId": "C73EC9D6-B2AD-4E68-B429-EBF9EA2A7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16330:*:*:*:*:*:*",
"matchCriteriaId": "6251408C-2192-44E7-A8D8-92EE97BC3D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16340:*:*:*:*:*:*",
"matchCriteriaId": "9F50F891-EA20-4DAC-A100-C80FC455FF15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page."
}
],
"id": "CVE-2023-28341",
"lastModified": "2025-02-10T21:15:15.707",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-11T01:15:07.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-28340
Vulnerability from fkie_nvd - Published: 2023-04-11 01:15 - Updated: 2025-02-10 21:15
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XML External Entity (XXE) attack.
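References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://manageengine.com | Product |
| cve@mitre.org | https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html | Patch, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Product |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html | Patch, Vendor Advisory |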
Impacted products
| Vendor | Product | Version | Build / range |
|---|---|---|---|
| zohocorp | manageengine_applications_manager | * | before 16.3 |
| zohocorp | manageengine_applications_manager | 16.3 | build16300 |
| zohocorp | manageengine_applications_manager | 16.3 | build16310 |
| zohocorp | manageengine_applications_manager | 16.3 | build16320 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71A91D5D-BA60-4FAC-92D7-DD477399A552",
"versionEndExcluding": "16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16300:*:*:*:*:*:*",
"matchCriteriaId": "725F03D7-8655-4C2C-8BC8-BD81A657E53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16310:*:*:*:*:*:*",
"matchCriteriaId": "716C228E-FEB8-41D3-A290-BA4DB9D51717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16320:*:*:*:*:*:*",
"matchCriteriaId": "C73EC9D6-B2AD-4E68-B429-EBF9EA2A7618",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack."
}
],
"id": "CVE-2023-28340",
"lastModified": "2025-02-10T21:15:15.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-11T01:15:07.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-23050
Vulnerability from fkie_nvd - Published: 2022-05-24 19:15 - Updated: 2024-11-21 06:47
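Severity
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS 2.0: AV:N/AC:L/Au:S/C:P/I:P/A:P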
Summary
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
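References
| Source | URL | Tags |
|---|---|---|
| help@fluidattacks.com | https://fluidattacks.com/advisories/cerati/ | Exploit, Third Party Advisory |
| help@fluidattacks.com | https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://fluidattacks.com/advisories/cerati/ | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html | Vendor Advisory |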
Impacted products
| Vendor | Product | Version | Build / range |
|---|---|---|---|
| zohocorp | manageengine_applications_manager | * | from 15.0, before 15.5 |
| zohocorp | manageengine_applications_manager | 15.5 | - (none) |
| zohocorp | manageengine_applications_manager | 15.5 | build15500 |
| zohocorp | manageengine_applications_manager | 15.5 | build15510 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A06C5EC-9980-4CBB-9BF9-D2B9934495B7",
"versionEndExcluding": "15.5",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:-:*:*:*:*:*:*",
"matchCriteriaId": "5FF2D7BB-4150-4B3E-967B-0BC77A179576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:build15500:*:*:*:*:*:*",
"matchCriteriaId": "C174DC8E-E0AD-492B-AE5D-6D17D062314E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:build15510:*:*:*:*:*:*",
"matchCriteriaId": "DB5FBF55-196C-4A92-A6E9-10078929D5DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the \u0027working\u0027 folder through the \u0027Upload Files / Binaries\u0027 functionality."
},
{
"lang": "es",
"value": "ManageEngine AppManager15 (Build No:15510) permite a un usuario administrador autenticado subir un archivo DLL para llevar a cabo un ataque de secuestro de DLL dentro de la carpeta \"working\" mediante la funcionalidad \"Upload Files / Binaries\""
}
],
"id": "CVE-2022-23050",
"lastModified": "2024-11-21T06:47:53.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-24T19:15:09.567",
"references": [
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/cerati/"
},
{
"source": "help@fluidattacks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/cerati/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
}
],
"sourceIdentifier": "help@fluidattacks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-28679
Vulnerability from fkie_nvd - Published: 2022-01-10 18:15 - Updated: 2024-11-21 05:23
Severity ?
Summary
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/applications_manager/issues.html#v14550 | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/applications_manager/issues.html#v14550 | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11010:*:*:*:*:*:*",
"matchCriteriaId": "A02C9186-B520-4F35-B45C-DC41C2A1A305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11020:*:*:*:*:*:*",
"matchCriteriaId": "B6B96F45-F0FF-43B1-AB61-9786F3715A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11030:*:*:*:*:*:*",
"matchCriteriaId": "7382D162-2DF5-48E4-A003-9664B1061393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11040:*:*:*:*:*:*",
"matchCriteriaId": "572DF249-439B-41B2-99C2-DCC414C84D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11100:*:*:*:*:*:*",
"matchCriteriaId": "8D73C24C-FE82-4D62-9A4E-5585FD380D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.1:build11110:*:*:*:*:*:*",
"matchCriteriaId": "6057D644-AF82-41AD-B5F7-4871187BD47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2:build11200:*:*:*:*:*:*",
"matchCriteriaId": "1A61E4BB-0336-49E4-8F6F-F36473C8AD22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2:build11210:*:*:*:*:*:*",
"matchCriteriaId": "2A124333-9099-47C7-8268-28FC94F307FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2:build11220:*:*:*:*:*:*",
"matchCriteriaId": "38106D43-D185-4BEA-A6E4-C5DE1E38CE0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.3:build11300:*:*:*:*:*:*",
"matchCriteriaId": "A9BC0CAD-2956-4EE9-8F25-365F15C0A947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.4:build11410:*:*:*:*:*:*",
"matchCriteriaId": "5855D8DE-9E4E-49DF-ACC4-D57CC367A710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.5:build11520:*:*:*:*:*:*",
"matchCriteriaId": "420B0582-5152-47F4-A7DA-D8E8BD55168D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.6:build11610:*:*:*:*:*:*",
"matchCriteriaId": "D562A1CF-31D1-4C12-B306-E9D3659E6354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.7:build11700:*:*:*:*:*:*",
"matchCriteriaId": "F7F75C4B-E4AC-4194-B3D9-FA7E7B25C908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.8:build11800:*:*:*:*:*:*",
"matchCriteriaId": "B75F16D5-ADFC-483B-B3DF-0D740E5ADFED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.9:build11900:*:*:*:*:*:*",
"matchCriteriaId": "D781107A-E42F-4078-BD0C-0A2EEC0040D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:11.9:build11912:*:*:*:*:*:*",
"matchCriteriaId": "09062DCF-0672-44F2-AE35-C4098619218E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:build12000:*:*:*:*:*:*",
"matchCriteriaId": "E415DD31-1097-459D-A6BF-CF5065B22EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:build12010:*:*:*:*:*:*",
"matchCriteriaId": "9620E7A2-64A5-4549-B33B-47518C32F05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:build12020:*:*:*:*:*:*",
"matchCriteriaId": "9C4972CF-D4A5-4C7F-8F58-AE5519FDE3C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.1:build12100:*:*:*:*:*:*",
"matchCriteriaId": "F3AC47FD-657A-449B-ADA6-6E6E2B9D58B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.1:build12120:*:*:*:*:*:*",
"matchCriteriaId": "0D0FD885-A5B5-4A57-87CF-FCC57BCFB47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.2:build12200:*:*:*:*:*:*",
"matchCriteriaId": "A18E7CD5-1B21-4544-BFB1-61E30DC08C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.2:build12210:*:*:*:*:*:*",
"matchCriteriaId": "7F83E0B6-B266-481A-AB29-E8BCC210208F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.3:build12300:*:*:*:*:*:*",
"matchCriteriaId": "4057A1AB-D3D3-43F4-8343-A51141365C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.5:build12500:*:*:*:*:*:*",
"matchCriteriaId": "50BC96D5-F81D-4FEF-A68B-AE2D7C81CB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.6:build12600:*:*:*:*:*:*",
"matchCriteriaId": "08765095-9D6F-43E5-A6DD-6480F05F6214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.7:build12700:*:*:*:*:*:*",
"matchCriteriaId": "2A6D2A1E-F1A5-4023-BC62-D6B4869A853C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.7:build12710:*:*:*:*:*:*",
"matchCriteriaId": "3AAD8C61-E21E-4D7F-A00F-D4C822F848A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.8:build12810:*:*:*:*:*:*",
"matchCriteriaId": "955DD735-0F43-423A-BF2E-F0BC35544090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.9:build12900:*:*:*:*:*:*",
"matchCriteriaId": "67A35E49-45A3-4CE0-A38F-0CE843462138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:build13000:*:*:*:*:*:*",
"matchCriteriaId": "362131C4-91D5-41F5-AF17-B5A61EA602BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:build13100:*:*:*:*:*:*",
"matchCriteriaId": "971C349D-5801-4066-B587-22A96689A366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.2:build13200:*:*:*:*:*:*",
"matchCriteriaId": "E508295E-E422-4509-9E74-64A4097274F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.2:build13210:*:*:*:*:*:*",
"matchCriteriaId": "865E1CE5-DC1A-4F08-89D9-DC73397E615D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.3:build13300:*:*:*:*:*:*",
"matchCriteriaId": "4BD18A47-2355-42A0-92FB-4C86120ADEE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13400:*:*:*:*:*:*",
"matchCriteriaId": "0F601C3D-5594-4D6A-B52B-45D97E3A7F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13410:*:*:*:*:*:*",
"matchCriteriaId": "E21795EE-37BD-4F99-B277-4F982E1E7FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13420:*:*:*:*:*:*",
"matchCriteriaId": "FE8855EF-2966-40DE-BAA0-8BB224045517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13430:*:*:*:*:*:*",
"matchCriteriaId": "ADE2132E-C11E-4544-939A-0F56191794C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13440:*:*:*:*:*:*",
"matchCriteriaId": "269BCE1F-5849-406C-9909-1F30DF699502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13450:*:*:*:*:*:*",
"matchCriteriaId": "3D201826-8808-454A-B6E3-9A087FD6398C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13500:*:*:*:*:*:*",
"matchCriteriaId": "F3DF1ADD-6773-400F-918B-31E6FDCC18C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13510:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4FC4-B10C-4A30-815B-9410A953FCE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13520:*:*:*:*:*:*",
"matchCriteriaId": "278A9FC5-50AF-4CBC-B164-40C876DF86B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13530:*:*:*:*:*:*",
"matchCriteriaId": "B8E30823-78EA-4FD2-A430-24A637C4E69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13540:*:*:*:*:*:*",
"matchCriteriaId": "2301E889-785E-4D81-B95B-2DBF16810CD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13550:*:*:*:*:*:*",
"matchCriteriaId": "4BC72D15-E137-4186-867A-45FF9D3E1344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13560:*:*:*:*:*:*",
"matchCriteriaId": "1D661600-E4BE-4CC4-A519-6E6F3D01865F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13570:*:*:*:*:*:*",
"matchCriteriaId": "FE8BAE06-1111-40B8-9A90-431423C29DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13580:*:*:*:*:*:*",
"matchCriteriaId": "84EFA3B6-6EBA-4A72-AEB5-6809D92C9F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13590:*:*:*:*:*:*",
"matchCriteriaId": "533BA6D5-7FE0-496A-B2CA-F9F2CBA7A8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13591:*:*:*:*:*:*",
"matchCriteriaId": "0C97A78A-0C84-4FD8-B7C5-1EFE7D6740F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13600:*:*:*:*:*:*",
"matchCriteriaId": "6E4455B7-5769-4BDE-9AEB-36F8ED8C4FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13610:*:*:*:*:*:*",
"matchCriteriaId": "A698E0F9-C6B1-45E0-AD01-89C1D23A355B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13620:*:*:*:*:*:*",
"matchCriteriaId": "A91B632B-60F4-4652-B9F3-F8C5A7B886BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13630:*:*:*:*:*:*",
"matchCriteriaId": "4C63BF25-7403-4810-9B5F-28DC785F5A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13640:*:*:*:*:*:*",
"matchCriteriaId": "DE8F3986-DB00-42F3-9AE5-E8907308C87F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13650:*:*:*:*:*:*",
"matchCriteriaId": "12843833-BBC3-4781-B811-D2161779A74D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13660:*:*:*:*:*:*",
"matchCriteriaId": "C22A070B-2706-480B-ACFB-0C46B6C8771F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13670:*:*:*:*:*:*",
"matchCriteriaId": "982171BD-F304-4D02-A4F2-E67F2274245D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13680:*:*:*:*:*:*",
"matchCriteriaId": "4963E3E4-1438-4C57-856D-279D71CD270E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13690:*:*:*:*:*:*",
"matchCriteriaId": "8A374B9B-9B83-478B-9B87-D62D1DA08706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13700:*:*:*:*:*:*",
"matchCriteriaId": "D7442CF6-9B0F-42D7-8473-F6B4A8A1EA03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13710:*:*:*:*:*:*",
"matchCriteriaId": "58CF2A79-9FF3-419F-8DC0-CDCA188EA5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13720:*:*:*:*:*:*",
"matchCriteriaId": "7DC46166-41CC-4C4D-B0E3-024243B2871E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13730:*:*:*:*:*:*",
"matchCriteriaId": "C01F6CEC-5FAE-4A85-9C5B-3C981FBF4ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13740:*:*:*:*:*:*",
"matchCriteriaId": "B8ED84D2-F8E7-4F74-A12D-422559B88A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13750:*:*:*:*:*:*",
"matchCriteriaId": "0248509E-5C6A-4072-8BCD-873A2DAD19AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13760:*:*:*:*:*:*",
"matchCriteriaId": "5B5B3F32-8609-42B3-BC4F-3700DD7D045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13770:*:*:*:*:*:*",
"matchCriteriaId": "4EC42FBE-46B7-4BBD-9BAF-91AEB41F37BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13780:*:*:*:*:*:*",
"matchCriteriaId": "295E865A-E194-45A9-B646-221A9258EBF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13790:*:*:*:*:*:*",
"matchCriteriaId": "43015CB0-9E23-4346-9212-C85CFEFC1113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13800:*:*:*:*:*:*",
"matchCriteriaId": "DF1AEABC-8947-42B0-997B-07BFAD14608A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13810:*:*:*:*:*:*",
"matchCriteriaId": "B06B4691-1159-4071-A7AB-DD8AF8689E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13820:*:*:*:*:*:*",
"matchCriteriaId": "9A549210-F965-4592-9A7A-74290DEA8948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13830:*:*:*:*:*:*",
"matchCriteriaId": "9B57BD11-188A-4BD0-BE28-3422E5D275AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13831:*:*:*:*:*:*",
"matchCriteriaId": "48466C80-1625-443A-B159-F96350F2680A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13840:*:*:*:*:*:*",
"matchCriteriaId": "06848B0C-62D0-4BC3-A3E0-4CC54F2B4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13850:*:*:*:*:*:*",
"matchCriteriaId": "13FA5377-A2F7-4920-BCE1-AEA363743B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13860:*:*:*:*:*:*",
"matchCriteriaId": "F7148DCE-E517-4D70-8F94-70C779DC2FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13870:*:*:*:*:*:*",
"matchCriteriaId": "F601DADD-95A4-4649-B6ED-1CD921CB3942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13880:*:*:*:*:*:*",
"matchCriteriaId": "36A0FBEE-F8D5-401C-B770-87E1CBFDEF15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13890:*:*:*:*:*:*",
"matchCriteriaId": "7052654A-A44D-4DC3-BB27-52143B60DC82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13900:*:*:*:*:*:*",
"matchCriteriaId": "5CFB81A3-9818-4910-B330-F7C83CEB6DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13910:*:*:*:*:*:*",
"matchCriteriaId": "FDB80D0D-02C9-45C0-A721-ECF4574B41BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13920:*:*:*:*:*:*",
"matchCriteriaId": "9BA9663F-6288-4624-B205-ABF80BD38B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13930:*:*:*:*:*:*",
"matchCriteriaId": "DDF74E7D-EE06-4DEE-AE6A-6B9CA414218D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13940:*:*:*:*:*:*",
"matchCriteriaId": "5200CBF4-14D8-4651-8066-F1CFE201A383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13950:*:*:*:*:*:*",
"matchCriteriaId": "BC1B9FB4-A595-4F2C-9477-C8A1B9D42128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13960:*:*:*:*:*:*",
"matchCriteriaId": "53C9B88B-17C0-4CFF-A951-31458C3EDED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13970:*:*:*:*:*:*",
"matchCriteriaId": "4A12AC22-D343-493B-8F7C-C97AB6BC0448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13980:*:*:*:*:*:*",
"matchCriteriaId": "E84C9CA8-DC85-4E4F-A9BA-07F52E06773E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13990:*:*:*:*:*:*",
"matchCriteriaId": "6A5ECD8F-EFBB-4B14-9DF4-98DE7CC282A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*",
"matchCriteriaId": "03FAC408-84B1-4B51-A6D9-C1DF77FBAA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*",
"matchCriteriaId": "E00321E8-A1DF-49BF-A4E4-237527E7C75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*",
"matchCriteriaId": "58DA013E-26A7-4968-B89B-4B694D683E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*",
"matchCriteriaId": "8552CA6A-B6B5-42D2-97D0-CA9FA5B9DE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*",
"matchCriteriaId": "87DEE454-FE44-4312-B9FC-53D671ACA37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*",
"matchCriteriaId": "1715F2C6-AC0F-4F46-A6C4-3531242274ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*",
"matchCriteriaId": "583248EC-C732-4902-B14C-5031888BD17E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*",
"matchCriteriaId": "355366B0-4D45-4920-A897-A9A4451C072D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*",
"matchCriteriaId": "EDB9AADD-A93D-46CC-B5E9-BB841FFC2A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*",
"matchCriteriaId": "CDC226FE-DBBA-4FB2-A703-82EE12092FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*",
"matchCriteriaId": "0FC560BE-C297-4348-8739-D014CDEF60CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*",
"matchCriteriaId": "2B385291-37F7-4B1E-98B9-06E42B07ACA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*",
"matchCriteriaId": "8D647A88-0F0A-4971-9AD1-494AB6D1DFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14100:*:*:*:*:*:*",
"matchCriteriaId": "E2198922-6658-490E-AE44-E6DC8F9D72DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14110:*:*:*:*:*:*",
"matchCriteriaId": "11D70C6F-F7C8-4F03-A606-6402C646CDC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14120:*:*:*:*:*:*",
"matchCriteriaId": "14A5BC08-3F55-4538-8923-3AFA938CDB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14130:*:*:*:*:*:*",
"matchCriteriaId": "A830CDFD-607C-4F5D-BE40-C3293E77F933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14140:*:*:*:*:*:*",
"matchCriteriaId": "8E100EA7-740A-4E1C-826E-E0A2F4550B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14150:*:*:*:*:*:*",
"matchCriteriaId": "0AD5F99E-9130-44DE-B5D4-A4FBF9338825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14160:*:*:*:*:*:*",
"matchCriteriaId": "24383C4F-FACA-48E3-BEED-FDA054D27122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14170:*:*:*:*:*:*",
"matchCriteriaId": "D773A874-6B9E-4B15-946F-73336FDE5CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14180:*:*:*:*:*:*",
"matchCriteriaId": "F0F5181E-3214-48DD-883B-3E26D562F5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14190:*:*:*:*:*:*",
"matchCriteriaId": "016F465E-678A-4A9A-9493-DFA0BE265374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14200:*:*:*:*:*:*",
"matchCriteriaId": "03C06718-D9E4-41BF-8B11-139C731570D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14210:*:*:*:*:*:*",
"matchCriteriaId": "5D7B3732-211D-4D24-8014-5002E3678E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14220:*:*:*:*:*:*",
"matchCriteriaId": "A67CF67E-A855-4481-8816-48F10987AD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14230:*:*:*:*:*:*",
"matchCriteriaId": "87014819-2263-43A8-BB1B-0870631BA6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14240:*:*:*:*:*:*",
"matchCriteriaId": "9C4FC1F1-3A8F-466E-B963-4FDC43810480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14250:*:*:*:*:*:*",
"matchCriteriaId": "662A0308-CAFE-4264-AEF2-4794C774F5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14260:*:*:*:*:*:*",
"matchCriteriaId": "B56121C9-46C5-42E9-8E9B-B90A1B8DC4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14261:*:*:*:*:*:*",
"matchCriteriaId": "2E0A2274-1B22-4D29-804F-D40F87FE2BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14262:*:*:*:*:*:*",
"matchCriteriaId": "39DEB880-DFC0-4811-8010-71C49DB568DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14270:*:*:*:*:*:*",
"matchCriteriaId": "C420506D-351F-4F71-80E3-0AC308F345AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14280:*:*:*:*:*:*",
"matchCriteriaId": "742BF87A-1547-4DA1-8255-EABA73032258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14290:*:*:*:*:*:*",
"matchCriteriaId": "EAA8CFAF-DD50-4CF5-B46C-7651CE9A4BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14300:*:*:*:*:*:*",
"matchCriteriaId": "DAF1E53B-C9C7-4408-8F91-EDBCF616E437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14310:*:*:*:*:*:*",
"matchCriteriaId": "1B770809-8C5C-4567-B32A-ED694EEB1537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14330:*:*:*:*:*:*",
"matchCriteriaId": "BE084129-E743-48CB-B752-5567B814A182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14331:*:*:*:*:*:*",
"matchCriteriaId": "C6D7408F-E0AC-4038-8D07-9652A8C1E7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14332:*:*:*:*:*:*",
"matchCriteriaId": "B9A2B86D-B673-4DE9-8450-42E82B4665B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14340:*:*:*:*:*:*",
"matchCriteriaId": "46F0CDA4-91F0-41FC-9981-D8CA120A5847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14350:*:*:*:*:*:*",
"matchCriteriaId": "4D0E72F3-5FA7-4D76-880C-48E247BE92A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14360:*:*:*:*:*:*",
"matchCriteriaId": "5D3C538A-D719-4D2D-B25B-5D8E01C0FF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14361:*:*:*:*:*:*",
"matchCriteriaId": "72A1F5AC-7895-4BBD-A339-159BD50519BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14370:*:*:*:*:*:*",
"matchCriteriaId": "4402B148-B1F6-4A2E-844F-413F8C2DA977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14380:*:*:*:*:*:*",
"matchCriteriaId": "1CB17533-5A93-4D88-A3F5-9305DDECF284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14390:*:*:*:*:*:*",
"matchCriteriaId": "B5ADE260-48CF-4863-8665-99E77D82660C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14400:*:*:*:*:*:*",
"matchCriteriaId": "A48CBFCA-C822-4AC9-83C9-3828C0C329B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14401:*:*:*:*:*:*",
"matchCriteriaId": "22211D25-8822-494A-B8AE-9C689AA8B6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14410:*:*:*:*:*:*",
"matchCriteriaId": "B4644040-14DB-4AF0-9B14-5DC2141462BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14420:*:*:*:*:*:*",
"matchCriteriaId": "1A37552E-DD88-4B12-B3AE-A001D7B8C74D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14430:*:*:*:*:*:*",
"matchCriteriaId": "D0DE1C60-238C-40FE-9BFA-0A7762101776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14440:*:*:*:*:*:*",
"matchCriteriaId": "EFCAEC83-6C9D-43FD-8BCA-7046DA47ACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14450:*:*:*:*:*:*",
"matchCriteriaId": "EA351DF5-CE01-43AC-ACA5-4D16A6950815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14460:*:*:*:*:*:*",
"matchCriteriaId": "5A3BDB05-8457-4355-8963-D9AAE6DDAD24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14470:*:*:*:*:*:*",
"matchCriteriaId": "24D53647-4C13-4A8A-9E5D-DD77328E9F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14480:*:*:*:*:*:*",
"matchCriteriaId": "C6CAE260-4989-492F-AB77-B58F526EF68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14490:*:*:*:*:*:*",
"matchCriteriaId": "C7950E75-2D8D-4F08-B9AF-3C3CB8BD6446",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14500:*:*:*:*:*:*",
"matchCriteriaId": "00B5B1A9-0B70-49F6-A372-5D2C8FC954E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14510:*:*:*:*:*:*",
"matchCriteriaId": "538B8DC0-3F93-41CA-8E7A-6F7DCD39B374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14520:*:*:*:*:*:*",
"matchCriteriaId": "B31B772F-6E3E-4F15-B535-B278584B1DE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14530:*:*:*:*:*:*",
"matchCriteriaId": "1A39AA63-F9AC-4814-869F-FDE3F7D421D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14540:*:*:*:*:*:*",
"matchCriteriaId": "ED7D4D00-98DA-4D7F-B575-6C7841C3A018",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el m\u00f3dulo showReports de Zoho ManageEngine Applications Manager versiones anteriores a 14550, permite a atacantes autenticados ejecutar una inyecci\u00f3n SQL por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2020-28679",
"lastModified": "2024-11-21T05:23:07.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-10T18:15:07.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-6239 (GCVE-0-2025-6239)
Vulnerability from cvelistv5 – Published: 2025-10-21 12:25 – Updated: 2025-10-21 13:18
Summary
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zohocorp | ManageEngine Applications Manager | Affected: 0, ≤ 176800 (176800) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T13:16:41.711670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T13:18:28.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ManageEngine Applications Manager",
"vendor": "Zohocorp",
"versions": [
{
"lessThanOrEqual": "176800",
"status": "affected",
"version": "0",
"versionType": "176800"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor."
}
],
"value": "Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T12:25:21.042Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2025-6239.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-6239",
"datePublished": "2025-10-21T12:25:21.042Z",
"dateReserved": "2025-06-18T14:14:02.869Z",
"dateUpdated": "2025-10-21T13:18:28.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27930 (GCVE-0-2025-27930)
Vulnerability from cvelistv5 – Published: 2025-07-23 10:20 – Updated: 2025-07-25 03:55
Summary
Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ManageEngine | Applications Manager | Affected: 0, ≤ 176600 (176600) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T03:55:17.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Applications Manager",
"vendor": "ManageEngine",
"versions": [
{
"lessThanOrEqual": "176600",
"status": "affected",
"version": "0",
"versionType": "176600"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Applications Manager versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e176600 and prior are vulnerable to stored cross-site scripting in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFile/Directory monitor.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine Applications Manager versions\u00a0176600 and prior are vulnerable to stored cross-site scripting in the\u00a0File/Directory monitor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T10:20:09.411Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2025-27930.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-27930",
"datePublished": "2025-07-23T10:20:09.411Z",
"dateReserved": "2025-04-21T10:22:18.152Z",
"dateUpdated": "2025-07-25T03:55:17.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41140 (GCVE-0-2024-41140)
Vulnerability from cvelistv5 – Published: 2025-01-29 11:14 – Updated: 2025-02-12 19:51
Summary
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function.
Severity ?
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ManageEngine | Applications Manager | Affected: 0, ≤ 174000 (174000) |
Credits
maneesh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:06:02.590376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:51:14.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Applications Manager",
"vendor": "ManageEngine",
"versions": [
{
"lessThanOrEqual": "174000",
"status": "affected",
"version": "0",
"versionType": "174000"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "maneesh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Applications Manager versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e174000 and prior are vulnerable to the incorrect authorization in the update user function.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine Applications Manager versions\u00a0174000 and prior are vulnerable to the incorrect authorization in the update user function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T11:14:50.910Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-41140.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-41140",
"datePublished": "2025-01-29T11:14:50.910Z",
"dateReserved": "2024-07-16T07:03:21.743Z",
"dateUpdated": "2025-02-12T19:51:14.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5678 (GCVE-0-2024-5678)
Vulnerability from cvelistv5 – Published: 2024-08-01 06:54 – Updated: 2024-08-02 15:40
Summary
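Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to an authenticated, admin-only SQL injection in the Create Monitor feature. Note: the structured version range in this record (`lessThan` 170900) excludes build 170900, whereas this description includes it; confirm the fixed build against the vendor advisory before treating 170900 as patched.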
Severity ?
4.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ManageEngine | Applications Manager | Affected: 0, < 170900 (170900) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T15:24:20.985989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T15:40:34.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Applications Manager",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "170900",
"status": "affected",
"version": "0",
"versionType": "170900"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Applications Manager versions\u0026nbsp;170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature."
}
],
"value": "Zohocorp ManageEngine Applications Manager versions\u00a0170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T06:54:25.601Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-5678.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-5678",
"datePublished": "2024-08-01T06:54:25.601Z",
"dateReserved": "2024-06-06T11:29:14.674Z",
"dateUpdated": "2024-08-02T15:40:34.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38333 (GCVE-0-2023-38333)
Vulnerability from cvelistv5 – Published: 2023-08-10 00:00 – Updated: 2025-03-07 18:50
Summary
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
Severity ?
6.1 (Medium)
CWE
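- n/a (no CWE supplied by the CNA; the CISA-ADP container in the record below assigns CWE-79, Cross-site Scripting)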
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-38333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:54:51.910298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:50:37.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38333",
"datePublished": "2023-08-10T00:00:00.000Z",
"dateReserved": "2023-07-14T00:00:00.000Z",
"dateUpdated": "2025-03-07T18:50:37.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29442 (GCVE-0-2023-29442)
Vulnerability from cvelistv5 – Published: 2023-04-26 00:00 – Updated: 2025-02-03 17:38
Summary
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
Severity ?
6.1 (Medium)
CWE
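- n/a (no CWE supplied by the CNA; the CISA-ADP container in the record below assigns CWE-79, Cross-site Scripting)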
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T17:38:57.196637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T17:38:59.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29442",
"datePublished": "2023-04-26T00:00:00.000Z",
"dateReserved": "2023-04-06T00:00:00.000Z",
"dateUpdated": "2025-02-03T17:38:59.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28340 (GCVE-0-2023-28340)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-10 20:57
Summary
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
Severity ?
6.5 (Medium)
CWE
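- n/a (no CWE supplied by the CNA; the CISA-ADP container in the record below assigns CWE-611, Improper Restriction of XML External Entity Reference)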
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T20:57:18.621413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:57:23.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28340",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-14T00:00:00.000Z",
"dateUpdated": "2025-02-10T20:57:23.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28341 (GCVE-0-2023-28341)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-10 20:56
Summary
Stored cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious JavaScript on the incorrect login details page.
Severity ?
6.1 (Medium)
CWE
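- n/a (no CWE supplied by the CNA; the CISA-ADP container in the record below assigns CWE-79, Cross-site Scripting)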
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T20:55:22.198177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:56:00.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28341",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-14T00:00:00.000Z",
"dateUpdated": "2025-02-10T20:56:00.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23050 (GCVE-0-2022-23050)
Vulnerability from cvelistv5 – Published: 2022-05-24 18:02 – Updated: 2024-08-03 03:28
Summary
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
Severity ?
No CVSS data available.
CWE
- DLL Hijacking
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | ManageEngine AppManager15 | Affected: Build No:15510 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/cerati/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageEngine AppManager15",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Build No:15510"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the \u0027working\u0027 folder through the \u0027Upload Files / Binaries\u0027 functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-24T18:02:05",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/cerati/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageEngine AppManager15",
"version": {
"version_data": [
{
"version_value": "Build No:15510"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the \u0027working\u0027 folder through the \u0027Upload Files / Binaries\u0027 functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fluidattacks.com/advisories/cerati/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/cerati/"
},
{
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23050",
"datePublished": "2022-05-24T18:02:05",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:43.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28679 (GCVE-0-2020-28679)
Vulnerability from cvelistv5 – Published: 2022-01-10 17:47 – Updated: 2024-08-04 16:40
Summary
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://www.manageengine.com/products/applications_manager/issues.html#v14550 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T17:47:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/applications_manager/issues.html#v14550",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28679",
"datePublished": "2022-01-10T17:47:37",
"dateReserved": "2020-11-16T00:00:00",
"dateUpdated": "2024-08-04T16:40:59.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6239 (GCVE-0-2025-6239)
Vulnerability from nvd – Published: 2025-10-21 12:25 – Updated: 2025-10-21 13:18
Summary
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zohocorp | ManageEngine Applications Manager | Affected: 0 , ≤ 176800 (176800) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T13:16:41.711670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T13:18:28.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ManageEngine Applications Manager",
"vendor": "Zohocorp",
"versions": [
{
"lessThanOrEqual": "176800",
"status": "affected",
"version": "0",
"versionType": "176800"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor."
}
],
"value": "Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T12:25:21.042Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2025-6239.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-6239",
"datePublished": "2025-10-21T12:25:21.042Z",
"dateReserved": "2025-06-18T14:14:02.869Z",
"dateUpdated": "2025-10-21T13:18:28.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27930 (GCVE-0-2025-27930)
Vulnerability from nvd – Published: 2025-07-23 10:20 – Updated: 2025-07-25 03:55
Summary
Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ManageEngine | Applications Manager | Affected: 0 , ≤ 176600 (176600) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T03:55:17.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Applications Manager",
"vendor": "ManageEngine",
"versions": [
{
"lessThanOrEqual": "176600",
"status": "affected",
"version": "0",
"versionType": "176600"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Applications Manager versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e176600 and prior are vulnerable to stored cross-site scripting in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFile/Directory monitor.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine Applications Manager versions\u00a0176600 and prior are vulnerable to stored cross-site scripting in the\u00a0File/Directory monitor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T10:20:09.411Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2025-27930.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-27930",
"datePublished": "2025-07-23T10:20:09.411Z",
"dateReserved": "2025-04-21T10:22:18.152Z",
"dateUpdated": "2025-07-25T03:55:17.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41140 (GCVE-0-2024-41140)
Vulnerability from nvd – Published: 2025-01-29 11:14 – Updated: 2025-02-12 19:51
Summary
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function.
Severity ?
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ManageEngine | Applications Manager | Affected: 0 , ≤ 174000 (174000) |
Credits
maneesh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:06:02.590376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:51:14.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Applications Manager",
"vendor": "ManageEngine",
"versions": [
{
"lessThanOrEqual": "174000",
"status": "affected",
"version": "0",
"versionType": "174000"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "maneesh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Applications Manager versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e174000 and prior are vulnerable to the incorrect authorization in the update user function.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine Applications Manager versions\u00a0174000 and prior are vulnerable to the incorrect authorization in the update user function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T11:14:50.910Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-41140.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-41140",
"datePublished": "2025-01-29T11:14:50.910Z",
"dateReserved": "2024-07-16T07:03:21.743Z",
"dateUpdated": "2025-02-12T19:51:14.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5678 (GCVE-0-2024-5678)
Vulnerability from nvd – Published: 2024-08-01 06:54 – Updated: 2024-08-02 15:40
Summary
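Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to an authenticated, admin-only SQL injection in the Create Monitor feature. Note: the version range in this record is given as `< 170900`, which would exclude build 170900 itself; confirm the fixed build against the vendor advisory before relying on either bound.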
Severity ?
4.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ManageEngine | Applications Manager | Affected: 0 , < 170900 (170900) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T15:24:20.985989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T15:40:34.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Applications Manager",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "170900",
"status": "affected",
"version": "0",
"versionType": "170900"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Applications Manager versions\u0026nbsp;170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature."
}
],
"value": "Zohocorp ManageEngine Applications Manager versions\u00a0170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T06:54:25.601Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-5678.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-5678",
"datePublished": "2024-08-01T06:54:25.601Z",
"dateReserved": "2024-06-06T11:29:14.674Z",
"dateUpdated": "2024-08-02T15:40:34.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38333 (GCVE-0-2023-38333)
Vulnerability from nvd – Published: 2023-08-10 00:00 – Updated: 2025-03-07 18:50
Summary
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-38333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:54:51.910298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:50:37.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38333",
"datePublished": "2023-08-10T00:00:00.000Z",
"dateReserved": "2023-07-14T00:00:00.000Z",
"dateUpdated": "2025-03-07T18:50:37.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29442 (GCVE-0-2023-29442)
Vulnerability from nvd – Published: 2023-04-26 00:00 – Updated: 2025-02-03 17:38
Summary
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T17:38:57.196637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T17:38:59.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29442",
"datePublished": "2023-04-26T00:00:00.000Z",
"dateReserved": "2023-04-06T00:00:00.000Z",
"dateUpdated": "2025-02-03T17:38:59.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28340 (GCVE-0-2023-28340)
Vulnerability from nvd – Published: 2023-04-11 00:00 – Updated: 2025-02-10 20:57
Summary
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T20:57:18.621413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:57:23.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28340",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-14T00:00:00.000Z",
"dateUpdated": "2025-02-10T20:57:23.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28341 (GCVE-0-2023-28341)
Vulnerability from nvd – Published: 2023-04-11 00:00 – Updated: 2025-02-10 20:56
Summary
Stored cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious JavaScript on the incorrect login details page.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T20:55:22.198177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:56:00.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28341",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-14T00:00:00.000Z",
"dateUpdated": "2025-02-10T20:56:00.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23050 (GCVE-0-2022-23050)
Vulnerability from nvd – Published: 2022-05-24 18:02 – Updated: 2024-08-03 03:28
Summary
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
Severity ?
No CVSS data available.
CWE
- DLL Hijacking
Assigner
References
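| URL | Tags |
|---|---|
| https://fluidattacks.com/advisories/cerati/ | x_refsource_MISC |
| https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html | x_refsource_MISC |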
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | ManageEngine AppManager15 | Affected: Build No:15510 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/cerati/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageEngine AppManager15",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Build No:15510"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the \u0027working\u0027 folder through the \u0027Upload Files / Binaries\u0027 functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-24T18:02:05",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/cerati/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-23050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageEngine AppManager15",
"version": {
"version_data": [
{
"version_value": "Build No:15510"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the \u0027working\u0027 folder through the \u0027Upload Files / Binaries\u0027 functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fluidattacks.com/advisories/cerati/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/cerati/"
},
{
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-23050",
"datePublished": "2022-05-24T18:02:05",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:43.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28679 (GCVE-0-2020-28679)
Vulnerability from nvd – Published: 2022-01-10 17:47 – Updated: 2024-08-04 16:40
Summary
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://www.manageengine.com/products/applications_manager/issues.html#v14550 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T17:47:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/applications_manager/issues.html#v14550",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28679",
"datePublished": "2022-01-10T17:47:37",
"dateReserved": "2020-11-16T00:00:00",
"dateUpdated": "2024-08-04T16:40:59.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}