CVE-2019-19475

Privilege escalation exploit on PostgreSQL insecure file permission

Vulnerability Details
Impact	CVSS V3 rating: 8.8 HIGH
Fixed	24 November 2019
Affected Builds	Till Build 14420
Fixed in	Build 14430
Overview	Privilege escalation exploit on PostgreSQL insecure file permission.
Recommended Fix	Upgrade Applications Manager to version 14430 or above.

Description- Security Update - CVE-2019-19475 Database

An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in "Authenticated Users" group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system.

We recommend you to upgrade Applications Manager to version 14430 to fix this issue.

Source and Acknowledgements

Find out more about CVE-2019-19475 from CVE Directory and NIST NVD.

Reported by:
Sittikorn Sangrattanapitak - Cybersecurity Researcher.
Nuttakorn Tungpoonsup - Secure D Center Research Team, Secure D Center Co.,Ltd.
Ammarit Thongthua - Secure D Center Research Team, Secure D Center Co.,Ltd.

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

Loved by customers all over the world

"Standout Tool With Extensive Monitoring Capabilities"

★ ★ ★ ★ ★

It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.

Reviewer Role: Research and Development

"I like Applications Manager because it helps us to detect issues present in our servers and SQL databases."

Carlos Rivero

Tech Support Manager, Lexmark