10

CVE-2020-24786

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.

Data is provided by the National Vulnerability Database (NVD)
ZohocorpManageengine Adselfservice Plus Version5.8 Update-
ZohocorpManageengine Adselfservice Plus Version5.8 Update5800
ZohocorpManageengine Adselfservice Plus Version5.8 Update5801
ZohocorpManageengine Adselfservice Plus Version5.8 Update5802
ZohocorpManageengine Adselfservice Plus Version5.8 Update5803
ZohocorpManageengine Adselfservice Plus Version5.8 Update5804
ZohocorpManageengine Adselfservice Plus Version5.8 Update5805
ZohocorpManageengine Adselfservice Plus Version5.8 Update5806
ZohocorpManageengine Adselfservice Plus Version5.8 Update5807
ZohocorpManageengine Adselfservice Plus Version5.8 Update5808
ZohocorpManageengine Adselfservice Plus Version5.8 Update5809
ZohocorpManageengine Adselfservice Plus Version5.8 Update5810
ZohocorpManageengine Adselfservice Plus Version5.8 Update5811
ZohocorpManageengine Adselfservice Plus Version5.8 Update5812
ZohocorpManageengine Adselfservice Plus Version5.8 Update5813
ZohocorpManageengine Adselfservice Plus Version5.8 Update5814
ZohocorpManageengine Adselfservice Plus Version5.8 Update5815
ZohocorpManageengine Adselfservice Plus Version5.8 Update5816
ZohocorpManageengine Exchange Reporter Plus Version5.5 Update5500
ZohocorpManageengine Exchange Reporter Plus Version5.5 Update5501
ZohocorpManageengine Exchange Reporter Plus Version5.5 Update5502
ZohocorpManageengine Exchange Reporter Plus Version5.5 Update5503
ZohocorpManageengine Exchange Reporter Plus Version5.5 Update5504
ZohocorpManageengine Ad360 Version <= 4.1
ZohocorpManageengine Ad360 Version4.2 Update4200
ZohocorpManageengine Ad360 Version4.2 Update4201
ZohocorpManageengine Ad360 Version4.2 Update4202
ZohocorpManageengine Ad360 Version4.2 Update4203
ZohocorpManageengine Ad360 Version4.2 Update4204
ZohocorpManageengine Ad360 Version4.2 Update4205
ZohocorpManageengine Ad360 Version4.2 Update4206
ZohocorpManageengine Ad360 Version4.2 Update4207
ZohocorpManageengine Ad360 Version4.2 Update4208
ZohocorpManageengine Ad360 Version4.2 Update4209
ZohocorpManageengine Ad360 Version4.2 Update4210
ZohocorpManageengine Ad360 Version4.2 Update4212
ZohocorpManageengine Ad360 Version4.2 Update4213
ZohocorpManageengine Ad360 Version4.2 Update4214
ZohocorpManageengine Ad360 Version4.2 Update4215
ZohocorpManageengine Ad360 Version4.2 Update4216
ZohocorpManageengine Ad360 Version4.2 Update4217
ZohocorpManageengine Ad360 Version4.2 Update4219
ZohocorpManageengine Ad360 Version4.2 Update4220
ZohocorpManageengine Ad360 Version4.2 Update4222
ZohocorpManageengine Ad360 Version4.2 Update4223
ZohocorpManageengine Ad360 Version4.2 Update4224
ZohocorpManageengine Ad360 Version4.2 Update4225
ZohocorpManageengine Ad360 Version4.2 Update4227
ZohocorpManageengine Datasecurity Plus Version6.0 Update6000
ZohocorpManageengine Datasecurity Plus Version6.0 Update6001
ZohocorpManageengine Datasecurity Plus Version6.0 Update6002
ZohocorpManageengine Datasecurity Plus Version6.0 Update6003
ZohocorpManageengine Datasecurity Plus Version6.0 Update6010
ZohocorpManageengine Datasecurity Plus Version6.0 Update6011
ZohocorpManageengine Datasecurity Plus Version6.0 Update6012
ZohocorpManageengine Datasecurity Plus Version6.0 Update6013
ZohocorpManageengine Datasecurity Plus Version6.0 Update6020
ZohocorpManageengine Datasecurity Plus Version6.0 Update6021
ZohocorpManageengine Datasecurity Plus Version6.0 Update6030
ZohocorpManageengine Datasecurity Plus Version6.0 Update6031
ZohocorpManageengine Datasecurity Plus Version6.0 Update6032
ZohocorpManageengine Recovermanager Plus Version6.0 Update6001
ZohocorpManageengine Recovermanager Plus Version6.0 Update6003
ZohocorpManageengine Recovermanager Plus Version6.0 Update6005
ZohocorpManageengine Recovermanager Plus Version6.0 Update6011
ZohocorpManageengine Recovermanager Plus Version6.0 Update6016
ZohocorpManageengine Eventlog Analyzer Version12.1.3 Update12130
ZohocorpManageengine Eventlog Analyzer Version12.1.3 Update12135
ZohocorpManageengine Adaudit Plus Version6.0 Update6000
ZohocorpManageengine Adaudit Plus Version6.0 Update6001
ZohocorpManageengine Adaudit Plus Version6.0 Update6002
ZohocorpManageengine Adaudit Plus Version6.0 Update6003
ZohocorpManageengine Adaudit Plus Version6.0 Update6010
ZohocorpManageengine Adaudit Plus Version6.0 Update6030
ZohocorpManageengine Adaudit Plus Version6.0 Update6031
ZohocorpManageengine Adaudit Plus Version6.0 Update6032
ZohocorpManageengine Adaudit Plus Version6.0 Update6033
ZohocorpManageengine Adaudit Plus Version6.0 Update6050
ZohocorpManageengine Adaudit Plus Version6.0 Update6052
ZohocorpManageengine O365 Manager Plus Version4.3 Update4300
ZohocorpManageengine O365 Manager Plus Version4.3 Update4301
ZohocorpManageengine O365 Manager Plus Version4.3 Update4302
ZohocorpManageengine O365 Manager Plus Version4.3 Update4303
ZohocorpManageengine O365 Manager Plus Version4.3 Update4304
ZohocorpManageengine O365 Manager Plus Version4.3 Update4305
ZohocorpManageengine O365 Manager Plus Version4.3 Update4306
ZohocorpManageengine O365 Manager Plus Version4.3 Update4308
ZohocorpManageengine O365 Manager Plus Version4.3 Update4309
ZohocorpManageengine O365 Manager Plus Version4.3 Update4310
ZohocorpManageengine O365 Manager Plus Version4.3 Update4311
ZohocorpManageengine O365 Manager Plus Version4.3 Update4312
ZohocorpManageengine O365 Manager Plus Version4.3 Update4316
ZohocorpManageengine O365 Manager Plus Version4.3 Update4317
ZohocorpManageengine O365 Manager Plus Version4.3 Update4318
ZohocorpManageengine O365 Manager Plus Version4.3 Update4319
ZohocorpManageengine O365 Manager Plus Version4.3 Update4320
ZohocorpManageengine O365 Manager Plus Version4.3 Update4321
ZohocorpManageengine O365 Manager Plus Version4.3 Update4322
ZohocorpManageengine O365 Manager Plus Version4.3 Update4324
ZohocorpManageengine O365 Manager Plus Version4.3 Update4325
ZohocorpManageengine O365 Manager Plus Version4.3 Update4327
ZohocorpManageengine O365 Manager Plus Version4.3 Update4328
ZohocorpManageengine O365 Manager Plus Version4.3 Update4329
ZohocorpManageengine O365 Manager Plus Version4.3 Update4330
ZohocorpManageengine O365 Manager Plus Version4.3 Update4331
ZohocorpManageengine O365 Manager Plus Version4.3 Update4332
ZohocorpManageengine O365 Manager Plus Version4.3 Update4333
ZohocorpManageengine O365 Manager Plus Version4.3 Update4334
ZohocorpManageengine Cloud Security Plus Version4.1 Update4100
ZohocorpManageengine Cloud Security Plus Version4.1 Update4101
ZohocorpManageengine Cloud Security Plus Version4.1 Update4102
ZohocorpManageengine Cloud Security Plus Version4.1 Update4103
ZohocorpManageengine Cloud Security Plus Version4.1 Update4104
ZohocorpManageengine Cloud Security Plus Version4.1 Update4105
ZohocorpManageengine Cloud Security Plus Version4.1 Update4106
ZohocorpManageengine Cloud Security Plus Version4.1 Update4107
ZohocorpManageengine Cloud Security Plus Version4.1 Update4108
ZohocorpManageengine Cloud Security Plus Version4.1 Update4109
ZohocorpManageengine Admanager Plus Version7.0 Update7000
ZohocorpManageengine Admanager Plus Version7.0 Update7010
ZohocorpManageengine Admanager Plus Version7.0 Update7011
ZohocorpManageengine Admanager Plus Version7.0 Update7020
ZohocorpManageengine Admanager Plus Version7.0 Update7030
ZohocorpManageengine Admanager Plus Version7.0 Update7040
ZohocorpManageengine Admanager Plus Version7.0 Update7041
ZohocorpManageengine Admanager Plus Version7.0 Update7050
ZohocorpManageengine Admanager Plus Version7.0 Update7051
ZohocorpManageengine Admanager Plus Version7.0 Update7052
ZohocorpManageengine Admanager Plus Version7.0 Update7053
ZohocorpManageengine Admanager Plus Version7.0 Update7054
ZohocorpManageengine Log360 Version <= 5.0
ZohocorpManageengine Log360 Version5.1 Update5100
ZohocorpManageengine Log360 Version5.1 Update5102
ZohocorpManageengine Log360 Version5.1 Update5107
ZohocorpManageengine Log360 Version5.1 Update5108
ZohocorpManageengine Log360 Version5.1 Update5110
ZohocorpManageengine Log360 Version5.1 Update5111
ZohocorpManageengine Log360 Version5.1 Update5120
ZohocorpManageengine Log360 Version5.1 Update5150
ZohocorpManageengine Log360 Version5.1 Update5154
ZohocorpManageengine Log360 Version5.1 Update5155
ZohocorpManageengine Log360 Version5.1 Update5160
ZohocorpManageengine Log360 Version5.1 Update5164
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 6.78% 0.909
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.