Schedule demo
 
 

CVE-2020-15394

Unauthenticated Remote Code Execution via SQL injection in REST API module


Vulnerability Details
Impact CVSS V3 rating: 9.8 CRITICAL
Fixed 1 July 2020
Affected Builds Below 14684
Between 14689 and 14740
Fixed in Build 14740 and above
Overview Unauthenticated Remote Code Execution via SQL injection in REST API module.
Recommended Fix Upgrade Applications Manager to version 14740 or above.

Description- Security Update - CVE-2020-15394 Database

In ManageEngine Application Manager 14.7 Build 14730, an unauthenticated SQL injection leading to RCE is possible in REST API module.

We recommend you to upgrade Applications Manager to version 14740 or above to fix this issue.


Source and Acknowledgements

Find out more about CVE-2020-15394 from CVE Directory and NIST NVD.

Reported by:
Whoami from VSEC Redteam

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company