VYPR
Unrated severity · NVD Advisory · Published Sep 4, 2020 · Updated Aug 4, 2024

CVE-2020-14008

Description

Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated admin users can upload a malicious JAR file to a specific location in Zoho ManageEngine Applications Manager 14710 and earlier, leading to remote code execution.

Vulnerability

In Zoho ManageEngine Applications Manager version 14710 and earlier, an authenticated admin user can upload a specially crafted JAR file to a specific location within the application. This allows the attacker to execute arbitrary code on the server.

Exploitation

An attacker needs valid admin credentials to the Applications Manager console. Once authenticated, they can upload a malicious JAR file to the designated location. The application then loads the JAR, leading to code execution.

Impact

Successful exploitation results in remote code execution with the privileges of the application server, allowing full compromise of the server and any connected systems.

Mitigation

The vendor released a fix in version 14730, as indicated by the bug fix list [2]. Users should upgrade to version 14730 or later. If unable to upgrade, restrict access to the admin console to trusted users only.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

3
