CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-16847

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.123

EPSS Ranking 93.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16847.html
http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16847.html

Products affected by CVE-2017-16847

Zohocorp » Manageengine Applications Manager » Version: 13.0

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-16847

Products

Pricing

Contact Us