CVE-2017-11738
HIGH
Zoho ManageEngine Application Manager <14.6 - SQL Injection
Title source: llm
Description
In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
References (5)
Core References
Vendor Advisory x_refsource_misc
http://manageengine.com
Not Applicable x_refsource_misc
http://application.com
Exploit, Third Party Advisory x_refsource_misc
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108470
Various Sources x_refsource_confirm
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html
Scores
CVSS v3
8.1
EPSS
0.0082
EPSS Percentile
74.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
zohocorp/manageengine_applications_manager
13.1 13100
Published
May 23, 2019
Tracked Since
Feb 18, 2026