Vulnerability Description
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Applications Manager | < 14.6 |
Related Weaknesses (CWE)
References
- https://www.manageengine.comVendor Advisory
- https://www.manageengine.com/products/applications_manager/issues.html#v14750Release NotesVendor Advisory
- https://www.manageengine.com/products/applications_manager/security-updates/secuVendor Advisory
- https://www.manageengine.comVendor Advisory
- https://www.manageengine.com/products/applications_manager/issues.html#v14750Release NotesVendor Advisory
- https://www.manageengine.com/products/applications_manager/security-updates/secuVendor Advisory
FAQ
What is CVE-2020-15533?
CVE-2020-15533 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
How severe is CVE-2020-15533?
CVE-2020-15533 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-15533?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Applications Manager.