U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2020-24786

Change History

Initial Analysis by NIST 9/10/2020 11:47:36 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:* versions up to (including) 4.1
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4200:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4201:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4202:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4203:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4204:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4205:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4206:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4207:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4208:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4209:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4210:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4212:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4213:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4214:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4215:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4216:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4217:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4219:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4220:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4222:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4223:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4224:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4225:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4227:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:* versions up to (including) 5.1
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6000:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6001:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6002:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6003:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6010:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6030:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6031:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6032:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6033:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6050:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6052:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:* versions up to (including) 6.6
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7000:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7010:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7011:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7020:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7030:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7040:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7041:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7050:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7051:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7052:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7053:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7054:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:* versions up to (including) 5.7
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:* versions up to (including) 4.0
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:* versions up to (including) 5.0
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6000:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6001:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6002:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6003:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6010:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6011:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6012:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6013:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6020:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6021:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6030:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6031:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6032:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:* versions up to (including) 12.1.2
     *cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12130:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12135:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:* versions up to (including) 5.4
     *cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5500:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5501:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5502:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5503:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5504:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:* versions up to (including) 5.0
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5100:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5102:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5107:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5108:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5110:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5111:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5120:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5150:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5154:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5155:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5160:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_log360:5.1:5164:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:*:*:*:*:*:*:*:* versions up to (including) 4.2
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4300:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4301:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4302:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4303:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4304:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4305:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4306:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4308:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4309:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4310:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4311:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4312:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4316:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4317:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4318:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4319:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4320:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4321:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4322:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4324:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4325:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4327:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4328:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4329:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4330:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4331:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4332:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4333:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4334:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:*:*:*:*:*:*:*:* versions up to (including) 5.4
     *cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6001:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6003:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6005:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6011:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6016:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
NIST CWE-287
Changed Reference Type
https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5 No Types Assigned
https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5 Third Party Advisory
Changed Reference Type
https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements No Types Assigned
https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements Vendor Advisory
Changed Reference Type
https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability No Types Assigned
https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability Vendor Advisory
Changed Reference Type
https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020 No Types Assigned
https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020 Vendor Advisory
Changed Reference Type
https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020 No Types Assigned
https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020 Vendor Advisory
Changed Reference Type
https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability No Types Assigned
https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability Vendor Advisory
Changed Reference Type
https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1 No Types Assigned
https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1 Vendor Advisory
Changed Reference Type
https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020 No Types Assigned
https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020 Vendor Advisory
Changed Reference Type
https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability No Types Assigned
https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability Vendor Advisory
Changed Reference Type
https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability No Types Assigned
https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability Vendor Advisory
Changed Reference Type
https://www.manageengine.com/data-security/release-notes.html No Types Assigned
https://www.manageengine.com/data-security/release-notes.html Vendor Advisory
Changed Reference Type
https://www.manageengine.com/products/eventlog/features-new.html No Types Assigned
https://www.manageengine.com/products/eventlog/features-new.html Vendor Advisory