Jan 27, 2021 4:30:00 PM

CVE-2020-27733: Zoho Manage Engine - SQL injection

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.

CVE-2020-27733: Zoho Manage Engine (SQL Injection). Virsec Risk Index: 77%


1.2        CVSS Score

The CVSS base score of this vulnerability is 8.8 (High) as per NVD. Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

1.3        Affected Version

Zoho ManageEngine Applications Manager before 14 build 14880.

1.4        Vulnerability Attribution

This vulnerability was disclosed by MITRE.

1.5        Risk Impact

ManageEngine, a division of Zoho Corporation, makes enterprise IT management software for IT administrators and IT managers working in small, medium, and large enterprises. 38% of large companies use ManageEngine for their IT management.

Distribution of Companies

Any exploitation of this vulnerability could lead to exposure of all sensitive data that resides in the database, including all sensitive employee information.

1.6        Virsec Security Platform (VSP) Support:

The VSP-Web capability can detect such a SQL injection attack and prevent the vulnerability from being exploited.

1.7        Reference Links:

