CVE-2020-24786

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
Link Resource
https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements Vendor Advisory
https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1 Vendor Advisory
https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020 Vendor Advisory
https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020 Vendor Advisory
https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability Vendor Advisory
https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability Vendor Advisory
https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability Vendor Advisory
https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020 Vendor Advisory
https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability Vendor Advisory
https://www.manageengine.com/data-security/release-notes.html Vendor Advisory
https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5 Third Party Advisory
https://www.manageengine.com/products/eventlog/features-new.html Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5504:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5503:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5502:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5501:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5500:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4225:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4224:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4223:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4222:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4220:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4219:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4217:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4216:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4215:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4214:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4213:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4212:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4210:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4209:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4208:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4207:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4206:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4205:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4204:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4203:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4202:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4201:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4227:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6003:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6010:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6011:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6012:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6013:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6020:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6021:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6030:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6031:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6032:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6016:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6011:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6005:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6003:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12135:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12130:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6033:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6032:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6031:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6030:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6010:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6003:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6050:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6052:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4333:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4332:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4331:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4330:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4329:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4328:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4327:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4325:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4324:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4322:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4321:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4320:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4319:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4318:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4317:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4316:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4312:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4311:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4310:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4309:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4308:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4306:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4305:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4304:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4303:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4302:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4301:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4334:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7054:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7053:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7052:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7051:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7050:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7041:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7040:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7030:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7020:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7011:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7010:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5164:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5160:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5155:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5154:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5150:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5120:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5111:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5108:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5107:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.1:5100:*:*:*:*:*:*

Information

Published : 2020-08-31 03:15

Updated : 2020-09-10 03:47


NVD link : CVE-2020-24786

Mitre link : CVE-2020-24786

CWE