Vulnerability Details : CVE-2020-28679
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
Vulnerability category: Sql Injection
Products affected by CVE-2020-28679
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13700:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13710:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13720:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13730:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13750:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13760:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13770:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13780:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13790:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14000:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14010:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14020:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14030:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14040:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14050:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14060:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14070:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14071:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14072:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14073:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14080:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0:build14090:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14500:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14510:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14520:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14530:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.5:build14540:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11010:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11020:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11030:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11040:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0:build11100:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.1:build11110:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2:build11200:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2:build11210:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2:build11220:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.3:build11300:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.4:build11410:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.5:build11520:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.6:build11610:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.7:build11700:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.8:build11800:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.9:build11900:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:11.9:build11912:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:build12000:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:build12010:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:build12020:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.1:build12100:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.1:build12120:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.2:build12200:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.2:build12210:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.3:build12300:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.5:build12500:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.6:build12600:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.7:build12700:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.7:build12710:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.8:build12810:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:12.9:build12900:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:build13000:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:build13100:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.2:build13200:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.2:build13210:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.3:build13300:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13400:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13410:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13420:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13430:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13440:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4:build13450:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13500:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13510:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13520:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13530:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13540:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13550:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13560:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13570:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13580:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13590:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5:build13591:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13600:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13610:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13620:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13630:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13640:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13650:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13660:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13670:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13680:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6:build13690:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13740:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13800:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13810:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13820:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13830:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13831:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13840:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13850:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13860:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13870:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13880:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8:build13890:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13900:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13910:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13920:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13930:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13940:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13950:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13960:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13970:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13980:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9:build13990:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14100:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14110:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14120:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14130:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14140:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14150:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14160:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14170:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14180:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.1:build14190:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14200:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14210:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14220:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14230:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14240:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14250:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14260:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14261:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14262:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14270:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14280:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.2:build14290:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14300:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14310:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14330:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14331:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14332:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14340:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14350:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14360:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14361:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14370:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14380:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14390:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14400:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14401:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14410:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14420:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14430:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14440:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14450:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14460:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14470:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14480:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_applications_manager:14.4:build14490:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-28679
0.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-28679
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-28679
-
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-28679
-
https://www.manageengine.com/products/applications_manager/issues.html#v14550
List of bug fixes and feature enhancements - ManageEngine Applications ManagerRelease Notes;Vendor Advisory
Jump to