HTTP: Zoho ManageEngine Applications Manager AlertRes_Mtrgrp.jsp sid SQL Injection
This signature detects attempts to exploit a known vulnerability against Zoho ManageEngine Applications Manager. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
Affected Products
Zohocorp manageengine_applications_manager
References
CVE: CVE-2020-15533
Short Name
HTTP:SQL:INJ:ZOHO-ALRTMGRP-SID
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
AlertRes_Mtrgrp.jsp Applications CVE-2020-15533 Injection ManageEngine Manager SQL Zoho sid
Release Date
08/12/2020
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Zohocorp
CVSS Score
7.5