6.5
CVSSv2

CVE-2019-19650

Published: 11/12/2019 Updated: 19/12/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Zoho ManageEngine Applications Manager prior to 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.

Vulnerability Trend

Affected Products

Vendor Product Versions
ZohocorpManageengine Applications Manager11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 11.7, 11.8, 11.9, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, 13.0, 13.1, 13.2, 13.3, 13.4, 13.5, 13.6