CVE-2020-27995 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
zohocorp	manageengine_applications_manager	14.0
zohocorp	manageengine_applications_manager	14.0:build14000
zohocorp	manageengine_applications_manager	14.0:build14010
zohocorp	manageengine_applications_manager	14.0:build14020
zohocorp	manageengine_applications_manager	14.0:build14030
zohocorp	manageengine_applications_manager	14.0:build14040
zohocorp	manageengine_applications_manager	14.0:build14050
zohocorp	manageengine_applications_manager	14.0:build14060
zohocorp	manageengine_applications_manager	14.0:build14070
zohocorp	manageengine_applications_manager	14.0:build14071
zohocorp	manageengine_applications_manager	14.0:build14072
zohocorp	manageengine_applications_manager	14.0:build14073
zohocorp	manageengine_applications_manager	14.0:build14080
zohocorp	manageengine_applications_manager	14.0:build14090
zohocorp	manageengine_applications_manager	14.0:build14100
zohocorp	manageengine_applications_manager	14.0:build14110
zohocorp	manageengine_applications_manager	14.0:build14120
zohocorp	manageengine_applications_manager	14.0:build14130
zohocorp	manageengine_applications_manager	14.0:build14140
zohocorp	manageengine_applications_manager	14.0:build14150
zohocorp	manageengine_applications_manager	14.0:build14160
zohocorp	manageengine_applications_manager	14.0:build14170
zohocorp	manageengine_applications_manager	14.0:build14180
zohocorp	manageengine_applications_manager	14.0:build14190
zohocorp	manageengine_applications_manager	14.0:build14200
zohocorp	manageengine_applications_manager	14.0:build14210
zohocorp	manageengine_applications_manager	14.0:build14220
zohocorp	manageengine_applications_manager	14.0:build14230
zohocorp	manageengine_applications_manager	14.0:build14240
zohocorp	manageengine_applications_manager	14.0:build14250
zohocorp	manageengine_applications_manager	14.0:build14260
zohocorp	manageengine_applications_manager	14.0:build14261
zohocorp	manageengine_applications_manager	14.0:build14262
zohocorp	manageengine_applications_manager	14.0:build14270
zohocorp	manageengine_applications_manager	14.0:build14280
zohocorp	manageengine_applications_manager	14.0:build14290
zohocorp	manageengine_applications_manager	14.0:build14300
zohocorp	manageengine_applications_manager	14.0:build14310
zohocorp	manageengine_applications_manager	14.0:build14330
zohocorp	manageengine_applications_manager	14.0:build14331
zohocorp	manageengine_applications_manager	14.0:build14332
zohocorp	manageengine_applications_manager	14.0:build14340
zohocorp	manageengine_applications_manager	14.0:build14350
zohocorp	manageengine_applications_manager	14.0:build14360
zohocorp	manageengine_applications_manager	14.0:build14361
zohocorp	manageengine_applications_manager	14.0:build14370
zohocorp	manageengine_applications_manager	14.0:build14380
zohocorp	manageengine_applications_manager	14.0:build14390
zohocorp	manageengine_applications_manager	14.0:build14400
zohocorp	manageengine_applications_manager	14.0:build14401
zohocorp	manageengine_applications_manager	14.0:build14410
zohocorp	manageengine_applications_manager	14.0:build14420
zohocorp	manageengine_applications_manager	14.0:build14430
zohocorp	manageengine_applications_manager	14.0:build14440
zohocorp	manageengine_applications_manager	14.0:build14450
zohocorp	manageengine_applications_manager	14.0:build14460
zohocorp	manageengine_applications_manager	14.0:build14470
zohocorp	manageengine_applications_manager	14.0:build14480
zohocorp	manageengine_applications_manager	14.0:build14490
zohocorp	manageengine_applications_manager	14.0:build14500
zohocorp	manageengine_applications_manager	14.0:build14510
zohocorp	manageengine_applications_manager	14.0:build14520
zohocorp	manageengine_applications_manager	14.0:build14530
zohocorp	manageengine_applications_manager	14.0:build14531
zohocorp	manageengine_applications_manager	14.0:build14532
zohocorp	manageengine_applications_manager	14.0:build14533
zohocorp	manageengine_applications_manager	14.0:build14540
zohocorp	manageengine_applications_manager	14.0:build14550

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

https://www.manageengine.com/products/applications_manager/issues.html#v14560