CVE-2017-11738

SQL Injection attack possible in 'haid' parameter of the '/auditLogAction.do' URL


Vulnerability Details

Impact: CVSS V3 rating: 8.1 HIGH
Fixed: 30 April 2020
Affected Builds: Till version 14650
Fixed in: Build 14660 and above
Overview: SQL Injection attack possible in 'haid' parameter of the '/auditLogAction.do' URL.
Recommended Fix: Upgrade Applications Manager to version 14660 or above.

Description - Security Update - CVE-2017-11738 Database

In ManageEngine Applications Manager 13.1 Build 13100, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.

We recommend upgrading Applications Manager to version 14660 or above to fix this issue.
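Until the upgrade is in place, web access logs can be reviewed for requests that send anything other than a plain number in 'haid' to '/auditLogAction.do'. The following is an added example, not ManageEngine code: it assumes that legitimate 'haid' values are numeric, that the log format is the constructed one shown (client, request line, status, response time in ms), and that 3000 ms is a reasonable "slow" threshold for corroborating a time-based probe.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines, not real traffic. The last field is response time in ms.
SAMPLE_LOG = """\
10.0.0.5 "GET /auditLogAction.do?haid=10000012 HTTP/1.1" 200 84
10.0.0.9 "GET /auditLogAction.do?haid=10000012%27%20CONSTRUCTED HTTP/1.1" 200 5012
10.0.0.9 "GET /auditLogAction.do?haid=10000012&haid=x HTTP/1.1" 200 90
10.0.0.7 "GET /index.do?haid=abc HTTP/1.1" 200 40
10.0.0.5 "GET /auditLogAction.do?haid=10000012 HTTP/1.1" 200 4100
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) (\d+)$')
NUMERIC = re.compile(r"[0-9]+")  # assumption: valid haid values are ASCII digits only


def suspicious_requests(log_text, slow_ms=3000):
    """Return (client, target, reasons) for auditLogAction.do hits with a non-numeric haid."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format
        client, _method, target, _status, elapsed = m.groups()
        url = urlsplit(target)
        # Drop any ';jsessionid=...' suffix and allow a context-path prefix.
        if not url.path.split(";")[0].endswith("/auditLogAction.do"):
            continue
        # parse_qs URL-decodes values and keeps every repeated occurrence.
        values = parse_qs(url.query, keep_blank_values=True).get("haid", [])
        if all(NUMERIC.fullmatch(v) for v in values):
            continue  # numeric (or absent) haid: nothing to report
        reasons = ["non-numeric haid"]
        # A slow reply to a malformed haid is consistent with a time-based probe.
        if int(elapsed) >= slow_ms:
            reasons.append("slow response")
        findings.append((client, target, reasons))
    return findings


if __name__ == "__main__":
    for client, target, reasons in suspicious_requests(SAMPLE_LOG):
        print(client, target, ", ".join(reasons))
```

This only sees query-string parameters; a 'haid' sent in a POST body does not appear in a standard access log and needs request-body logging or a WAF rule to inspect.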


Source and Acknowledgements

Find out more about CVE-2017-11738 from the CVE Directory and NIST NVD.

Reported by:
Elvin Hayes Gentiles of Trustwave SpiderLabs

Need Help?

For clarification or corrections, please contact our support team or email us at appmanager-support@manageengine.com.
