Vulnerability Details | |
---|---|
Impact | CVSS V3 rating: 9.8 CRITICAL |
Reported | 16 November 2017 |
Fixed | 11 December 2017 |
Affected Builds | Till Build 13520 |
Fixed in | Build 13530 |
Overview | SQL injection via the forpage parameter. |
Recommended Fix | Upgrade to Applications Manager Version 13530 or above. |
ManageEngine Applications Manager allowed SQL injection via the forpage parameter while displaying dashboards.
We recommend that you upgrade to Applications Manager Version 13530 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2017-16849 from the CVE dictionary and NIST NVD.
Other Resources: https://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html
For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com
It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.
Reviewer Role: Research and Development