CVE-2020-15533 - Vulnerability Details

Vendors	Products
Zohocorp	Manageengine Applications Manager

Link	Providers
https://www.manageengine.com
https://www.manageengine.com/products/applications_manager/issues.html#v14750
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-01T18:44:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.manageengine.com"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15533", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.manageengine.com", "refsource": "MISC", "url": "https://www.manageengine.com"}, {"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html", "refsource": "CONFIRM", "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"}, {"name": "https://www.manageengine.com/products/applications_manager/issues.html#v14750", "refsource": "CONFIRM", "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:22:29.178Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.manageengine.com"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15533", "datePublished": "2020-10-01T18:44:11", "dateReserved": "2020-07-05T00:00:00", "dateUpdated": "2024-08-04T13:22:29.178Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-10-01T18:44:11 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.manageengine.com (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.manageengine.com/products/applications_manager/issues.html#v14750 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2020-15533 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.manageengine.com (string)

refsource : MISC (string)

url : https://www.manageengine.com (string)

}

1 : { »

name : https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html (string)

refsource : CONFIRM (string)

url : https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html (string)

}

2 : { »

name : https://www.manageengine.com/products/applications_manager/issues.html#v14750 (string)

refsource : CONFIRM (string)

url : https://www.manageengine.com/products/applications_manager/issues.html#v14750 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T13:22:29.178Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.manageengine.com (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.manageengine.com/products/applications_manager/issues.html#v14750 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2020-15533 (string)

datePublished : 2020-10-01T18:44:11 (string)

dateReserved : 2020-07-05T00:00:00 (string)

dateUpdated : 2024-08-04T13:22:29.178Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F25A81A-07FE-48D9-BF2E-AA0A0FE10988", "versionEndExcluding": "14.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:-:*:*:*:*:*:*", "matchCriteriaId": "D6487B15-0328-4FF9-9F62-01DAFCEABE1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14680:*:*:*:*:*:*", "matchCriteriaId": "B84D295A-7F52-4EE5-8ECD-9D707280C3B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14681:*:*:*:*:*:*", "matchCriteriaId": "9806D9E3-DB63-487F-9BF6-AFFA1A44099C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14682:*:*:*:*:*:*", "matchCriteriaId": "88D84E0D-6264-4061-84AF-273FDE32C8DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14683:*:*:*:*:*:*", "matchCriteriaId": "FE57EE9F-FE48-41BC-9A41-8F5BEF8A7632", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14690:*:*:*:*:*:*", "matchCriteriaId": "5B8D9DF8-0891-4858-B507-021B8EE1A624", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:*", "matchCriteriaId": "02D3178E-6D94-48D0-8498-343C432A5143", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700:*:*:*:*:*:*", "matchCriteriaId": "42F0DD71-04A1-4062-A814-D8BC08EFE365", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710:*:*:*:*:*:*", "matchCriteriaId": "CA484ACB-FD16-488E-8240-14FB46E3029B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720:*:*:*:*:*:*", "matchCriteriaId": "785AE7B0-82AC-405F-B5A8-33EDDE17BEAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730:*:*:*:*:*:*", "matchCriteriaId": "72AC8303-D2E5-4FEC-B6F3-4F3B4F299D68", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740:*:*:*:*:*:*", "matchCriteriaId": "660D358A-9AE5-4369-B8D9-054F836EE9FF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack."}, {"lang": "es", "value": "En Zoho ManageEngine Application Manager versi\u00f3n 14.7 Build 14730 (versiones anteriores a 14684, y entre 14689 y 14750), el m\u00f3dulo AlarmEscalation es vulnerable a un ataque de inyecci\u00f3n SQL no autenticado"}], "id": "CVE-2020-15533", "lastModified": "2024-11-21T05:05:42.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-01T19:15:12.893", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5F25A81A-07FE-48D9-BF2E-AA0A0FE10988 (string)

versionEndExcluding : 14.6 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:-:*:*:*:*:*:* (string)

matchCriteriaId : D6487B15-0328-4FF9-9F62-01DAFCEABE1D (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14680:*:*:*:*:*:* (string)

matchCriteriaId : B84D295A-7F52-4EE5-8ECD-9D707280C3B8 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14681:*:*:*:*:*:* (string)

matchCriteriaId : 9806D9E3-DB63-487F-9BF6-AFFA1A44099C (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14682:*:*:*:*:*:* (string)

matchCriteriaId : 88D84E0D-6264-4061-84AF-273FDE32C8DE (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14683:*:*:*:*:*:* (string)

matchCriteriaId : FE57EE9F-FE48-41BC-9A41-8F5BEF8A7632 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.6:build14690:*:*:*:*:*:* (string)

matchCriteriaId : 5B8D9DF8-0891-4858-B507-021B8EE1A624 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:* (string)

matchCriteriaId : 02D3178E-6D94-48D0-8498-343C432A5143 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14700:*:*:*:*:*:* (string)

matchCriteriaId : 42F0DD71-04A1-4062-A814-D8BC08EFE365 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14710:*:*:*:*:*:* (string)

matchCriteriaId : CA484ACB-FD16-488E-8240-14FB46E3029B (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14720:*:*:*:*:*:* (string)

matchCriteriaId : 785AE7B0-82AC-405F-B5A8-33EDDE17BEAC (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14730:*:*:*:*:*:* (string)

matchCriteriaId : 72AC8303-D2E5-4FEC-B6F3-4F3B4F299D68 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14740:*:*:*:*:*:* (string)

matchCriteriaId : 660D358A-9AE5-4369-B8D9-054F836EE9FF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. (string)

}

1 : { »

lang : es (string)

value : En Zoho ManageEngine Application Manager versión 14.7 Build 14730 (versiones anteriores a 14684, y entre 14689 y 14750), el módulo AlarmEscalation es vulnerable a un ataque de inyección SQL no autenticado (string)

}

]

id : CVE-2020-15533 (string)

lastModified : 2024-11-21T05:05:42.700 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-10-01T19:15:12.893 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.manageengine.com (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://www.manageengine.com/products/applications_manager/issues.html#v14750 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.manageengine.com (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://www.manageengine.com/products/applications_manager/issues.html#v14750 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-89 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object