← Back

CVE-2020-14008

nvd nist
Published: Sep 4, 2020Modified: Jun 17, 2026

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.

Affected (87)

Zohocorp
1 product
Manageengine Applications Manager
Configuration A
87 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Applications Manager
Up to 13.0
Manageengine Applications Manager
Version 14.0
Manageengine Applications Manager
Version 14.0 build14000
Manageengine Applications Manager
Version 14.0 build14010
Manageengine Applications Manager
Version 14.0 build14020
Manageengine Applications Manager
Version 14.0 build14030
Manageengine Applications Manager
Version 14.0 build14040
Manageengine Applications Manager
Version 14.0 build14050
Manageengine Applications Manager
Version 14.0 build14060
Manageengine Applications Manager
Version 14.0 build14070
Manageengine Applications Manager
Version 14.0 build14071
Manageengine Applications Manager
Version 14.0 build14072
Manageengine Applications Manager
Version 14.0 build14073
Manageengine Applications Manager
Version 14.0 build14080
Manageengine Applications Manager
Version 14.0 build14090
Manageengine Applications Manager
Version 14.0 build14100
Manageengine Applications Manager
Version 14.0 build14110
Manageengine Applications Manager
Version 14.0 build14120
Manageengine Applications Manager
Version 14.0 build14130
Manageengine Applications Manager
Version 14.0 build14140
Manageengine Applications Manager
Version 14.0 build14150
Manageengine Applications Manager
Version 14.0 build14160
Manageengine Applications Manager
Version 14.0 build14170
Manageengine Applications Manager
Version 14.0 build14180
Manageengine Applications Manager
Version 14.0 build14190
Manageengine Applications Manager
Version 14.0 build14200
Manageengine Applications Manager
Version 14.0 build14210
Manageengine Applications Manager
Version 14.0 build14220
Manageengine Applications Manager
Version 14.0 build14230
Manageengine Applications Manager
Version 14.0 build14240
Manageengine Applications Manager
Version 14.0 build14250
Manageengine Applications Manager
Version 14.0 build14260
Manageengine Applications Manager
Version 14.0 build14261
Manageengine Applications Manager
Version 14.0 build14262
Manageengine Applications Manager
Version 14.0 build14270
Manageengine Applications Manager
Version 14.0 build14280
Manageengine Applications Manager
Version 14.0 build14290
Manageengine Applications Manager
Version 14.0 build14300
Manageengine Applications Manager
Version 14.0 build14310
Manageengine Applications Manager
Version 14.0 build14330
Manageengine Applications Manager
Version 14.0 build14331
Manageengine Applications Manager
Version 14.0 build14332
Manageengine Applications Manager
Version 14.0 build14340
Manageengine Applications Manager
Version 14.0 build14350
Manageengine Applications Manager
Version 14.0 build14360
Manageengine Applications Manager
Version 14.0 build14361
Manageengine Applications Manager
Version 14.0 build14370
Manageengine Applications Manager
Version 14.0 build14380
Manageengine Applications Manager
Version 14.0 build14390
Manageengine Applications Manager
Version 14.0 build14400
Manageengine Applications Manager
Version 14.0 build14401
Manageengine Applications Manager
Version 14.0 build14410
Manageengine Applications Manager
Version 14.0 build14420
Manageengine Applications Manager
Version 14.0 build14430
Manageengine Applications Manager
Version 14.0 build14440
Manageengine Applications Manager
Version 14.0 build14450
Manageengine Applications Manager
Version 14.0 build14460
Manageengine Applications Manager
Version 14.0 build14470
Manageengine Applications Manager
Version 14.0 build14480
Manageengine Applications Manager
Version 14.0 build14490
Manageengine Applications Manager
Version 14.0 build14500
Manageengine Applications Manager
Version 14.0 build14510
Manageengine Applications Manager
Version 14.0 build14520
Manageengine Applications Manager
Version 14.0 build14530
Manageengine Applications Manager
Version 14.0 build14531
Manageengine Applications Manager
Version 14.0 build14532
Manageengine Applications Manager
Version 14.0 build14533
Manageengine Applications Manager
Version 14.0 build14540
Manageengine Applications Manager
Version 14.0 build14550
Manageengine Applications Manager
Version 14.0 build14560
Manageengine Applications Manager
Version 14.0 build14570
Manageengine Applications Manager
Version 14.0 build14580
Manageengine Applications Manager
Version 14.0 build14590
Manageengine Applications Manager
Version 14.0 build14600
Manageengine Applications Manager
Version 14.0 build14610
Manageengine Applications Manager
Version 14.0 build14620
Manageengine Applications Manager
Version 14.0 build14630
Manageengine Applications Manager
Version 14.0 build14660
Manageengine Applications Manager
Version 14.0 build14670
Manageengine Applications Manager
Version 14.0 build14681
Manageengine Applications Manager
Version 14.0 build14682
Manageengine Applications Manager
Version 14.0 build14683
Manageengine Applications Manager
Version 14.0 build14684
Manageengine Applications Manager
Version 14.0 build14685
Manageengine Applications Manager
Version 14.0 build14690
Manageengine Applications Manager
Version 14.0 build14700
Manageengine Applications Manager
Version 14.0 build14710

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ProductVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.