CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11469

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.074

EPSS Ranking 91.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

Products affected by CVE-2019-11469

Zohocorp » Manageengine Applications Manager » Version: 12.0

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0
Zohocorp » Manageengine Applications Manager » Version: 12.1

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.1
Zohocorp » Manageengine Applications Manager » Version: 12.2

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.2
Zohocorp » Manageengine Applications Manager » Version: 12.3

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.3
Zohocorp » Manageengine Applications Manager » Version: 12.4

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.4
Zohocorp » Manageengine Applications Manager » Version: 12.5

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.5
Zohocorp » Manageengine Applications Manager » Version: 12.6

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.6
Zohocorp » Manageengine Applications Manager » Version: 12.7

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.7
Zohocorp » Manageengine Applications Manager » Version: 12.8

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.8
Zohocorp » Manageengine Applications Manager » Version: 12.9

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.9
Zohocorp » Manageengine Applications Manager » Version: 13

cpe:2.3:a:zohocorp:manageengine_applications_manager:13
Zohocorp » Manageengine Applications Manager » Version: 13.0

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0
Zohocorp » Manageengine Applications Manager » Version: 13.1

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1
Zohocorp » Manageengine Applications Manager » Version: 13.13820

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.13820
Zohocorp » Manageengine Applications Manager » Version: 13.2

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.2
Zohocorp » Manageengine Applications Manager » Version: 13.3

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.3
Zohocorp » Manageengine Applications Manager » Version: 13.4

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4
Zohocorp » Manageengine Applications Manager » Version: 13.5

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5
Zohocorp » Manageengine Applications Manager » Version: 13.6

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6
Zohocorp » Manageengine Applications Manager » Version: 13.7

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7
Zohocorp » Manageengine Applications Manager » Version: 13.8

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8
Zohocorp » Manageengine Applications Manager » Version: 13.9

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9
Zohocorp » Manageengine Applications Manager » Version: 14.0

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11469

Products

Pricing

Contact Us