CVE-2020-24786

31.08.2020, 15:15

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
zohocorp	manageengine_adselfservice_plus	𝑥 ≤ 5.7
zohocorp	manageengine_adselfservice_plus	5.8
zohocorp	manageengine_adselfservice_plus	5.8:5800
zohocorp	manageengine_adselfservice_plus	5.8:5801
zohocorp	manageengine_adselfservice_plus	5.8:5802
zohocorp	manageengine_adselfservice_plus	5.8:5803
zohocorp	manageengine_adselfservice_plus	5.8:5804
zohocorp	manageengine_adselfservice_plus	5.8:5805
zohocorp	manageengine_adselfservice_plus	5.8:5806
zohocorp	manageengine_adselfservice_plus	5.8:5807
zohocorp	manageengine_adselfservice_plus	5.8:5808
zohocorp	manageengine_adselfservice_plus	5.8:5809
zohocorp	manageengine_adselfservice_plus	5.8:5810
zohocorp	manageengine_adselfservice_plus	5.8:5811
zohocorp	manageengine_adselfservice_plus	5.8:5812
zohocorp	manageengine_adselfservice_plus	5.8:5813
zohocorp	manageengine_adselfservice_plus	5.8:5814
zohocorp	manageengine_adselfservice_plus	5.8:5815
zohocorp	manageengine_adselfservice_plus	5.8:5816
zohocorp	manageengine_exchange_reporter_plus	𝑥 ≤ 5.4
zohocorp	manageengine_exchange_reporter_plus	5.5:5500
zohocorp	manageengine_exchange_reporter_plus	5.5:5501
zohocorp	manageengine_exchange_reporter_plus	5.5:5502
zohocorp	manageengine_exchange_reporter_plus	5.5:5503
zohocorp	manageengine_exchange_reporter_plus	5.5:5504
zohocorp	manageengine_ad360	𝑥 ≤ 4.1
zohocorp	manageengine_ad360	4.2:4200
zohocorp	manageengine_ad360	4.2:4201
zohocorp	manageengine_ad360	4.2:4202
zohocorp	manageengine_ad360	4.2:4203
zohocorp	manageengine_ad360	4.2:4204
zohocorp	manageengine_ad360	4.2:4205
zohocorp	manageengine_ad360	4.2:4206
zohocorp	manageengine_ad360	4.2:4207
zohocorp	manageengine_ad360	4.2:4208
zohocorp	manageengine_ad360	4.2:4209
zohocorp	manageengine_ad360	4.2:4210
zohocorp	manageengine_ad360	4.2:4212
zohocorp	manageengine_ad360	4.2:4213
zohocorp	manageengine_ad360	4.2:4214
zohocorp	manageengine_ad360	4.2:4215
zohocorp	manageengine_ad360	4.2:4216
zohocorp	manageengine_ad360	4.2:4217
zohocorp	manageengine_ad360	4.2:4219
zohocorp	manageengine_ad360	4.2:4220
zohocorp	manageengine_ad360	4.2:4222
zohocorp	manageengine_ad360	4.2:4223
zohocorp	manageengine_ad360	4.2:4224
zohocorp	manageengine_ad360	4.2:4225
zohocorp	manageengine_ad360	4.2:4227
zohocorp	manageengine_datasecurity_plus	𝑥 ≤ 5.0
zohocorp	manageengine_datasecurity_plus	6.0:6000
zohocorp	manageengine_datasecurity_plus	6.0:6001
zohocorp	manageengine_datasecurity_plus	6.0:6002
zohocorp	manageengine_datasecurity_plus	6.0:6003
zohocorp	manageengine_datasecurity_plus	6.0:6010
zohocorp	manageengine_datasecurity_plus	6.0:6011
zohocorp	manageengine_datasecurity_plus	6.0:6012
zohocorp	manageengine_datasecurity_plus	6.0:6013
zohocorp	manageengine_datasecurity_plus	6.0:6020
zohocorp	manageengine_datasecurity_plus	6.0:6021
zohocorp	manageengine_datasecurity_plus	6.0:6030
zohocorp	manageengine_datasecurity_plus	6.0:6031
zohocorp	manageengine_datasecurity_plus	6.0:6032
zohocorp	manageengine_recovermanager_plus	𝑥 ≤ 5.4
zohocorp	manageengine_recovermanager_plus	6.0:6001
zohocorp	manageengine_recovermanager_plus	6.0:6003
zohocorp	manageengine_recovermanager_plus	6.0:6005
zohocorp	manageengine_recovermanager_plus	6.0:6011
zohocorp	manageengine_recovermanager_plus	6.0:6016
zohocorp	manageengine_eventlog_analyzer	𝑥 ≤ 12.1.2
zohocorp	manageengine_eventlog_analyzer	12.1.3:12130
zohocorp	manageengine_eventlog_analyzer	12.1.3:12135
zohocorp	manageengine_adaudit_plus	𝑥 ≤ 5.1
zohocorp	manageengine_adaudit_plus	6.0:6000
zohocorp	manageengine_adaudit_plus	6.0:6001
zohocorp	manageengine_adaudit_plus	6.0:6002
zohocorp	manageengine_adaudit_plus	6.0:6003
zohocorp	manageengine_adaudit_plus	6.0:6010
zohocorp	manageengine_adaudit_plus	6.0:6030
zohocorp	manageengine_adaudit_plus	6.0:6031
zohocorp	manageengine_adaudit_plus	6.0:6032
zohocorp	manageengine_adaudit_plus	6.0:6033
zohocorp	manageengine_adaudit_plus	6.0:6050
zohocorp	manageengine_adaudit_plus	6.0:6052
zohocorp	manageengine_o365_manager_plus	𝑥 ≤ 4.2
zohocorp	manageengine_o365_manager_plus	4.3:4300
zohocorp	manageengine_o365_manager_plus	4.3:4301
zohocorp	manageengine_o365_manager_plus	4.3:4302
zohocorp	manageengine_o365_manager_plus	4.3:4303
zohocorp	manageengine_o365_manager_plus	4.3:4304
zohocorp	manageengine_o365_manager_plus	4.3:4305
zohocorp	manageengine_o365_manager_plus	4.3:4306
zohocorp	manageengine_o365_manager_plus	4.3:4308
zohocorp	manageengine_o365_manager_plus	4.3:4309
zohocorp	manageengine_o365_manager_plus	4.3:4310
zohocorp	manageengine_o365_manager_plus	4.3:4311
zohocorp	manageengine_o365_manager_plus	4.3:4312
zohocorp	manageengine_o365_manager_plus	4.3:4316
zohocorp	manageengine_o365_manager_plus	4.3:4317
zohocorp	manageengine_o365_manager_plus	4.3:4318
zohocorp	manageengine_o365_manager_plus	4.3:4319
zohocorp	manageengine_o365_manager_plus	4.3:4320
zohocorp	manageengine_o365_manager_plus	4.3:4321
zohocorp	manageengine_o365_manager_plus	4.3:4322
zohocorp	manageengine_o365_manager_plus	4.3:4324
zohocorp	manageengine_o365_manager_plus	4.3:4325
zohocorp	manageengine_o365_manager_plus	4.3:4327
zohocorp	manageengine_o365_manager_plus	4.3:4328
zohocorp	manageengine_o365_manager_plus	4.3:4329
zohocorp	manageengine_o365_manager_plus	4.3:4330
zohocorp	manageengine_o365_manager_plus	4.3:4331
zohocorp	manageengine_o365_manager_plus	4.3:4332
zohocorp	manageengine_o365_manager_plus	4.3:4333
zohocorp	manageengine_o365_manager_plus	4.3:4334
zohocorp	manageengine_cloud_security_plus	𝑥 ≤ 4.0
zohocorp	manageengine_cloud_security_plus	4.1:4100
zohocorp	manageengine_cloud_security_plus	4.1:4101
zohocorp	manageengine_cloud_security_plus	4.1:4102
zohocorp	manageengine_cloud_security_plus	4.1:4103
zohocorp	manageengine_cloud_security_plus	4.1:4104
zohocorp	manageengine_cloud_security_plus	4.1:4105
zohocorp	manageengine_cloud_security_plus	4.1:4106
zohocorp	manageengine_cloud_security_plus	4.1:4107
zohocorp	manageengine_cloud_security_plus	4.1:4108
zohocorp	manageengine_cloud_security_plus	4.1:4109
zohocorp	manageengine_admanager_plus	𝑥 ≤ 6.6
zohocorp	manageengine_admanager_plus	7.0:7000
zohocorp	manageengine_admanager_plus	7.0:7010
zohocorp	manageengine_admanager_plus	7.0:7011
zohocorp	manageengine_admanager_plus	7.0:7020
zohocorp	manageengine_admanager_plus	7.0:7030
zohocorp	manageengine_admanager_plus	7.0:7040
zohocorp	manageengine_admanager_plus	7.0:7041
zohocorp	manageengine_admanager_plus	7.0:7050
zohocorp	manageengine_admanager_plus	7.0:7051
zohocorp	manageengine_admanager_plus	7.0:7052
zohocorp	manageengine_admanager_plus	7.0:7053
zohocorp	manageengine_admanager_plus	7.0:7054
zohocorp	manageengine_log360	𝑥 ≤ 5.0
zohocorp	manageengine_log360	5.1:5100
zohocorp	manageengine_log360	5.1:5102
zohocorp	manageengine_log360	5.1:5107
zohocorp	manageengine_log360	5.1:5108
zohocorp	manageengine_log360	5.1:5110
zohocorp	manageengine_log360	5.1:5111
zohocorp	manageengine_log360	5.1:5120
zohocorp	manageengine_log360	5.1:5150
zohocorp	manageengine_log360	5.1:5154
zohocorp	manageengine_log360	5.1:5155
zohocorp	manageengine_log360	5.1:5160
zohocorp	manageengine_log360	5.1:5164