← voltar
CVE-2016-9489

ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass

EPSS 1.7%CWE-269
In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another user, e.g. change another user's password.
Produtos afetados
ManageEngine · Applications Manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://seclists.org/fulldisclosure/2017/Apr/9https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9489.htmlhttps://www.securityfocus.com/bid/97394/