# CVE-2020-14008

## Authenticated Remote Code Execution as admin via Java class reflection in Weblogic server test credential API

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating:** |
| Fixed | 24 June 2020 |
| Affected Builds | Till version 14720 |
| Fixed in | Build 14730 and above |
| Overview | Authenticated Remote Code Execution as admin via Java class reflection in Weblogic server test credential API. |
| **Recommended Fix** | **Upgrade Applications Manager to version 14730 or above.** |

## Description- Security Update - CVE-2020-14008 Database

ManageEngine Applications Manager 14720 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.

We recommend you to upgrade Applications Manager to version 14730 or above to fix this issue.

## Source and Acknowledgements

Find out more about CVE-2020-14008 from [CVE Directory](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14008) and [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-14008).

**Reported by:**  
hodorsec

## Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/products/applications_manager/support.html) or email us at [appmanager-support@manageengine.com](mailto:appmanager-support@manageengine.com)