CVE-2020-15521

Unauthenticated Reflected XSS via url '/jsp/header.jsp'

Vulnerability Details
Impact	CVSS V3 rating: 7.4
Fixed	22 July 2020
Affected Builds	Till version 14760
Fixed in	Version 14770 and above
Overview	Unauthenticated Reflected XSS via url '/jsp/header.jsp'.
Recommended Fix	Upgrade Applications Manager to version 14770 or above.

Description- Security Update - CVE-2020-15521 Database

In ManageEngine Application Manager 14.7 Build 14760, An Unauthenticated Reflected XSS via url '/jsp/header.jsp' is possible.

We recommend you to upgrade Applications Manager to version 14770 or above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2020-15521 from CVE Directory and NIST NVD.

Reported by:
Dien Pham at Vietnam Security Network (VSEC)

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

Loved by customers all over the world

"Standout Tool With Extensive Monitoring Capabilities"

★ ★ ★ ★ ★

It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.

Reviewer Role: Research and Development

"I like Applications Manager because it helps us to detect issues present in our servers and SQL databases."

Carlos Rivero

Tech Support Manager, Lexmark