Описание
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
Ссылки
- Vendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
- Vendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 14.6 (исключая)
Одно из
cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14680:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14681:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14682:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14683:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14690:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.11446
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
EPSS
Процентиль: 93%
0.11446
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89