CVE-2020-14008

HIGH

ManageEngine Applications Manager <= 14710 - Authenticated Remote Code Execution via JAR Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-14008. PoCs published by Hodorsec, JackHars, 0x0d3ad.

AI-analyzed exploit summary This exploit leverages an authenticated RCE vulnerability in ManageEngine Applications Manager by uploading a malicious JAR file via directory traversal and triggering its execution through a WebLogic credential test. The JAR contains a reverse shell payload executed via the `weblogic.jndi.Environment` class.

Description

Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.

Exploits (3)

exploitdb WORKING POC
by Hodorsec · pythonwebappsjava
https://www.exploit-db.com/exploits/48793

This exploit leverages an authenticated RCE vulnerability in ManageEngine Applications Manager by uploading a malicious JAR file via directory traversal and triggering its execution through a WebLogic credential test. The JAR contains a reverse shell payload executed via the `weblogic.jndi.Environment` class.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ManageEngine Applications Manager (versions up to 14720)
Auth required
Prerequisites: Valid credentials for ManageEngine Applications Manager · Network access to the target · Ability to upload files
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 3 stars
by JackHars · poc
https://github.com/JackHars/cve-2020-14008

This exploit leverages a deserialization vulnerability in ManageEngine Applications Manager to execute a PowerShell reverse shell with SYSTEM privileges. It authenticates with provided credentials and sends a malicious payload via the RestAPI/LogReceiver endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ManageEngine Applications Manager (version not specified)
Auth required
Prerequisites: Valid credentials for ManageEngine Applications Manager · Network access to the target · Listener set up for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by 0x0d3ad · poc
https://github.com/0x0d3ad/CVE-2020-14008

This repository contains a functional exploit for CVE-2020-14008, an authenticated RCE vulnerability in Zoho ManageEngine Applications Manager. The exploit abuses a file upload mechanism to deploy a malicious JAR file, which is then executed via a Weblogic credential test feature.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zoho ManageEngine Applications Manager (versions <= 14720)
Auth required
Prerequisites: Valid admin credentials · Java JDK (javac and jar on PATH) · Netcat for reverse shell
devstral-2 · analyzed May 19, 2026 Full analysis →

References (3)

Core 3
Core References
Product, Vendor Advisory x_refsource_misc
https://www.manageengine.com

Scores

CVSS v3 7.2
EPSS 0.3553
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
zohocorp/manageengine_applications_manager 14.0 (50 CPE variants)
Published Sep 04, 2020
Tracked Since Feb 18, 2026