CVE-2020-15533

Published Oct 1, 2020

Last updated 4 years ago

CVSS critical 9.8

Overview

Description: In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F25A81A-07FE-48D9-BF2E-AA0A0FE10988",
            "versionEndExcluding": "14.6"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6487B15-0328-4FF9-9F62-01DAFCEABE1D"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14680:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B84D295A-7F52-4EE5-8ECD-9D707280C3B8"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14681:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9806D9E3-DB63-487F-9BF6-AFFA1A44099C"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14682:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88D84E0D-6264-4061-84AF-273FDE32C8DE"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14683:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE57EE9F-FE48-41BC-9A41-8F5BEF8A7632"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14690:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B8D9DF8-0891-4858-B507-021B8EE1A624"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02D3178E-6D94-48D0-8498-343C432A5143"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42F0DD71-04A1-4062-A814-D8BC08EFE365"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA484ACB-FD16-488E-8240-14FB46E3029B"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "785AE7B0-82AC-405F-B5A8-33EDDE17BEAC"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72AC8303-D2E5-4FEC-B6F3-4F3B4F299D68"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "660D358A-9AE5-4369-B8D9-054F836EE9FF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References