CVE-2019-19800

Remote unauthenticated user able to disclose file names under /working directory via FailOverHelperServlet

Vulnerability Details
Impact	CVSS V3 rating: 5.3 MEDIUM
Fixed	1 April 2020
Affected Builds	Till Build 14610
Fixed in	Build 14620
Overview	Remote unauthenticated user able to disclose file names under /working directory via FailOverHelperServlet.
Recommended Fix	Upgrade Applications Manager to version 14620 or above.

Description- Security Update - CVE-2019-19800 Database

ManageEngine Applications Manager version 14610 and below allowed a remote unauthenticated attacker to disclose OS file names under /working directory via FailOverHelperServlet.

We recommend you to upgrade Applications Manager to version 14620 or above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2019-19800 from CVE Directory and NIST NVD.

Reported by:
Luis Alfredo Nunez Rincon - Cybersecurity Researcher

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

Loved by customers all over the world

"Standout Tool With Extensive Monitoring Capabilities"

★★★★★

It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.

Reviewer Role: Research and Development

"I like Applications Manager because it helps us to detect issues present in our servers and SQL databases."

Carlos Rivero

Tech Support Manager, Lexmark