Schedule demo
 
 

CVE-2016-9491

XML eXternal Entity vulnerability


Vulnerability Details
Impact CVSS V3 rating: 9.8 CRITICAL
Reported 02 November 2016
Fixed 17 April 2018
Affected Builds Till Build 13680
Fixed in Build 13690
Overview XML eXternal Entity vulnerability
Recommended Fix Upgrade to Applications Manager Version 13690 or above.

Description

The vulnerability allowed an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc.

We recommend that you upgrade to Applications Manager Version 13690 or above to fix this issue.


Source and Acknowledgements

Find out more about CVE-2018-7890 from the CVE dictionary and NIST NVD.

Other Resources: https://seclists.org/fulldisclosure/2017/Apr/9

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company