Security Updates - CVE Details | ManageEngine Applications Manager

CVE-2017-16542

Post-authentication SQL injection vulnerability

Vulnerability Details
Impact	CVSS V3 rating:8.8 HIGH
Reported	11 May 2017
Fixed	22 November 2017
Affected Builds	Till Build 13450
Fixed in	Build 13500
Overview	Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request
Recommended Fix	Upgrade to Applications Manager Version 13500 or above.

Description

ManageEngine Applications Manager allowed for post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.

We recommend that you upgrade to Applications Manager version or above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2017-16542 from the CVE dictionary and NIST NVD.

Other Resources: https://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

Loved by customers all over the world

"Standout Tool With Extensive Monitoring Capabilities"

★★★★★

It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.

Reviewer Role: Research and Development

"I like Applications Manager because it helps us to detect issues present in our servers and SQL databases."

Carlos Rivero

Tech Support Manager, Lexmark