CVE-2020-28679

HIGH | CVSS 8.8/10 | EPSS 2.53%

Last modified

CVE-2020-28679 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. EPSS estimates a 2.53% chance of exploitation in the next 30 days.

Description

A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
2.53%

82.9th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions | Update |
|---|---|---|---|
| Zohocorp | Manageengine Applications Manager | 11.0 | Build11010 |
| Zohocorp | Manageengine Applications Manager | 11.1 | Build11110 |
| Zohocorp | Manageengine Applications Manager | 11.2 | Build11200 |
| Zohocorp | Manageengine Applications Manager | 11.3 | Build11300 |
| Zohocorp | Manageengine Applications Manager | 11.4 | Build11410 |
| Zohocorp | Manageengine Applications Manager | 11.5 | Build11520 |
| Zohocorp | Manageengine Applications Manager | 11.6 | Build11610 |
| Zohocorp | Manageengine Applications Manager | 11.7 | Build11700 |
| Zohocorp | Manageengine Applications Manager | 11.8 | Build11800 |
| Zohocorp | Manageengine Applications Manager | 11.9 | Build11900 |
| Zohocorp | Manageengine Applications Manager | 12.0 | Build12000 |
| Zohocorp | Manageengine Applications Manager | 12.1 | Build12100 |
| Zohocorp | Manageengine Applications Manager | 12.2 | Build12200 |
| Zohocorp | Manageengine Applications Manager | 12.3 | Build12300 |
| Zohocorp | Manageengine Applications Manager | 12.5 | Build12500 |
| Zohocorp | Manageengine Applications Manager | 12.6 | Build12600 |
| Zohocorp | Manageengine Applications Manager | 12.7 | Build12700 |
| Zohocorp | Manageengine Applications Manager | 12.8 | Build12810 |
| Zohocorp | Manageengine Applications Manager | 12.9 | Build12900 |
| Zohocorp | Manageengine Applications Manager | 13.0 | Build13000 |
| Zohocorp | Manageengine Applications Manager | 13.1 | Build13100 |
| Zohocorp | Manageengine Applications Manager | 13.2 | Build13200 |
| Zohocorp | Manageengine Applications Manager | 13.3 | Build13300 |
| Zohocorp | Manageengine Applications Manager | 13.4 | Build13400 |
| Zohocorp | Manageengine Applications Manager | 13.5 | Build13500 |
| Zohocorp | Manageengine Applications Manager | 13.6 | Build13600 |
| Zohocorp | Manageengine Applications Manager | 13.7 | Build13700 |
| Zohocorp | Manageengine Applications Manager | 13.8 | Build13800 |
| Zohocorp | Manageengine Applications Manager | 13.9 | Build13900 |
| Zohocorp | Manageengine Applications Manager | 14.0 | Build14000 |
| Zohocorp | Manageengine Applications Manager | 14.1 | Build14100 |
| Zohocorp | Manageengine Applications Manager | 14.2 | Build14200 |
| Zohocorp | Manageengine Applications Manager | 14.3 | Build14300 |
| Zohocorp | Manageengine Applications Manager | 14.4 | Build14400 |
| Zohocorp | Manageengine Applications Manager | 14.5 | Build14500 |

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2020-28679?
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
How severe is CVE-2020-28679?
CVE-2020-28679 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 2.53% probability of exploitation in the next 30 days.
How do I fix CVE-2020-28679?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST