CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15104

An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.034

EPSS Ranking 87.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

Products affected by CVE-2019-15104

Zohocorp » Manageengine Applications Manager » Version: 12.0

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0
Zohocorp » Manageengine Applications Manager » Version: 12.1

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.1
Zohocorp » Manageengine Applications Manager » Version: 12.2

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.2
Zohocorp » Manageengine Applications Manager » Version: 12.3

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.3
Zohocorp » Manageengine Applications Manager » Version: 12.4

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.4
Zohocorp » Manageengine Applications Manager » Version: 12.5

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.5
Zohocorp » Manageengine Applications Manager » Version: 12.6

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.6
Zohocorp » Manageengine Applications Manager » Version: 12.7

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.7
Zohocorp » Manageengine Applications Manager » Version: 12.8

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.8
Zohocorp » Manageengine Applications Manager » Version: 12.9

cpe:2.3:a:zohocorp:manageengine_applications_manager:12.9
Zohocorp » Manageengine Applications Manager » Version: 13

cpe:2.3:a:zohocorp:manageengine_applications_manager:13
Zohocorp » Manageengine Applications Manager » Version: 13.0

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0
Zohocorp » Manageengine Applications Manager » Version: 13.1

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1
Zohocorp » Manageengine Applications Manager » Version: 13.13820

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.13820
Zohocorp » Manageengine Applications Manager » Version: 13.2

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.2
Zohocorp » Manageengine Applications Manager » Version: 13.3

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.3
Zohocorp » Manageengine Applications Manager » Version: 13.4

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4
Zohocorp » Manageengine Applications Manager » Version: 13.5

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5
Zohocorp » Manageengine Applications Manager » Version: 13.6

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6
Zohocorp » Manageengine Applications Manager » Version: 13.7

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7
Zohocorp » Manageengine Applications Manager » Version: 13.8

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8
Zohocorp » Manageengine Applications Manager » Version: 13.9

cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9
Zohocorp » Manageengine Applications Manager » Version: 14.0

cpe:2.3:a:zohocorp:manageengine_applications_manager:14.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15104

Products

Pricing

Contact Us