Vulnerability Details: CVE-2020-14008
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
Vulnerability category: Execute code
Products affected by CVE-2020-14008
- cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:-:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14100:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14110:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14120:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14130:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14140:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14150:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14160:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14170:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14180:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14190:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14200:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14210:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14220:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14230:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14240:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14250:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14260:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14261:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14262:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14270:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14280:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14290:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14300:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14310:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14330:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14331:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14332:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14340:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14350:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14360:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14361:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14370:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14380:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14390:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14400:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14401:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14410:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14420:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14430:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14440:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14450:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14460:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14470:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14480:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14490:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14500:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14510:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14520:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14530:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14531:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14532:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14533:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14540:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14550:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14560:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14570:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14580:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14590:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14600:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14610:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14620:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14630:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14660:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14670:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14681:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14682:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14683:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14684:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14685:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14690:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14700:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14710:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-14008
- 14.19%: Probability of exploitation activity in the next 30 days
- ~96%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-14008
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
CWE ids for CVE-2020-14008
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-14008
- https://www.manageengine.com/products/applications_manager/issues.html#14730
  List of bug fixes and feature enhancements - ManageEngine Applications Manager (Vendor Advisory)
- https://www.manageengine.com
  ManageEngine - IT Operations and Service Management Software (Product; Vendor Advisory)
- http://packetstormsecurity.com/files/159066/ManageEngine-Applications-Manager-Authenticated-Remote-Code-Execution.html
  ManageEngine Applications Manager Authenticated Remote Code Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)