|Impact||CVSS V3 rating: 8.8 CRITICAL|
|Fixed||13 January 2021|
|Affected Builds||Below 15000|
|Fixed in||Version 15000 and above|
|Overview||Post Authenticated SQL Injection attack in ShowResource module of Mobile View.|
|Recommended Fix||Upgrade Applications Manager to version 15000 or above.|
Zoho ManageEngine Applications Manager through 14911 allows an authenticated SQL Injection via a crafted showresource request.
We recommend you to upgrade Applications Manager to version 15000 or above to fix this issue.
Source and Acknowledgements