Vulnerability Details | |
---|---|
Impact | CVSS V3 rating: 9.8 CRITICAL |
Reported | 16 November 2017 |
Fixed | 11 December 2017 |
Affected Builds | Till Build 13520 |
Fixed in | Build 13530 |
Overview | SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. |
Recommended Fix | Upgrade to Applications Manager Version 13530 or above. |
ManageEngine Applications Manager allowed SQL injection via the /manageApplications.do?method=AddSubGroup endpoint using the haid parameter.
We recommend that you upgrade to Applications Manager Version 13530 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2017-16846 from the CVE dictionary and NIST NVD.
Other Resources: https://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html
For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com
It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.
Reviewer Role: Research and Development