CVE-2019-19799

Unauthenticated disclosure of license-related information via WieldFeedServlet servlet

Vulnerability Details
Impact	CVSS V3 rating: -
Fixed	18 March 2020
Affected Builds	Till Build 14590
Fixed in	Build 14600
Overview	Unauthenticated disclosure of license-related information via WieldFeedServlet servlet.
Recommended Fix	Upgrade Applications Manager to version 14600 or above.

Description- Security Update - CVE-2019-19799 Database

ManageEngine Applications Manager version 14590 and below allowed a remote unauthenticated attacker to disclose license-related information via WieldFeedServlet servlet. The remote unauthenticated attacker could download the license file information via WieldFeedServlet servlet, which could allow3—4users to apply them in their Applications Manager-installed machines.

We recommend you to upgrade Applications Manager to version 14600 or above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2019-19799 from CVE Directory and NIST NVD.

Reported by:
Luis Alfredo Nunez Rincon - Cybersecurity Researcher

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

Loved by customers all over the world

"Standout Tool With Extensive Monitoring Capabilities"

★★★★★

It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.

Reviewer Role: Research and Development

"I like Applications Manager because it helps us to detect issues present in our servers and SQL databases."

Carlos Rivero

Tech Support Manager, Lexmark