CVE-2020-10816

Опубликовано: 08 окт. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.

Ссылки

https://gitlab.com/eLeN3Re/CVE-2020-10816
Third Party Advisory
https://www.manageengine.com/au/products/applications_manager/security-updates/security-updates-cve-2020-10816.html
Vendor Advisory
https://gitlab.com/eLeN3Re/CVE-2020-10816
Third Party Advisory
https://www.manageengine.com/au/products/applications_manager/security-updates/security-updates-cve-2020-10816.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14750:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14760:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14770:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14780:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.2501

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-jwv5-hj8w-4fc9

github

больше 3 лет назад