|Impact||CVSS V3 rating: 8.8 CRITICAL|
|Fixed||19 October 2020|
|Affected Builds||Below 14880|
|Fixed in||Version 14880 and above|
|Overview||Post Authenticated SQL Injection attack in AlarmView module.|
|Recommended Fix||Upgrade Applications Manager to version 14880 or above.|
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted AlarmView request.
We recommend you to upgrade Applications Manager to version 14880 or above to fix this issue.
Source and Acknowledgements