Vulnerability Details | |
---|---|
Impact | CVSS V3 rating: 10.0 (Critical) |
Reported | 02 November 2016 |
Fixed | 08 February 2017 |
Affected Builds | Till Build 13100 |
Fixed in | Build 13200 |
Overview | Reflected Cross-Site Scripting Vulnerability |
Recommended Fix | Upgrade to Applications Manager Version 13200 and above |
ManageEngine Applications Manager versions 12 and 13 are affected by a Reflected Cross-Site Scripting vulnerability in the LIMIT parameter of the URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.
We recommend that you upgrade to Applications Manager Version 13200 to fix this issue.
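To check whether the endpoint was probed before the upgrade, the following added example (not ManageEngine code) scans web access logs for requests to /DiagAlertAction.do whose LIMIT value is not a plain integer. It assumes common/combined-format access logs, for instance from a reverse proxy in front of the server; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/DiagAlertAction.do"  # path named in the advisory
# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, harmless marker values).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2017:10:01:02 +0000] "GET /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233 HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Feb/2017:10:01:05 +0000] "GET /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=12%3Cx%3E HTTP/1.1" 200 530',
    '198.51.100.9 - - [10/Feb/2017:10:01:09 +0000] "GET /DiagAlertAction.do;jsessionid=AB12?REQTYPE=AJAX&LIMIT=%253Cx%253E HTTP/1.1" 200 530',
    '198.51.100.7 - - [10/Feb/2017:10:02:00 +0000] "GET /index.do?LIMIT=abc HTTP/1.1" 200 100',
]


def suspicious_limit(target):
    """Return the decoded LIMIT value if it is not a plain integer, else None."""
    parts = urlsplit(target)
    # Drop path parameters such as ;jsessionid=... before comparing the path.
    path = parts.path.split(";", 1)[0]
    if not path.endswith(ENDPOINT):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("LIMIT", []):
        # parse_qs decodes once; decode again to catch double-encoded input.
        decoded = unquote(value)
        if not re.fullmatch(r"[0-9]+", decoded):
            return decoded
    return None


def scan(lines):
    """Return (line_number, decoded_value) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        value = suspicious_limit(match.group(1))
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric LIMIT {value!r}")
```

Access logs record the query string only, so a LIMIT value sent in a POST body is not visible to this check.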
Source and Acknowledgements
Find out more about CVE-2016-9490 from the CVE dictionary and NIST NVD.
Other Resources: https://seclists.org/fulldisclosure/2017/Apr/9
For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com