
CVE-2017-16542

Post-authentication SQL injection vulnerability


Vulnerability Details
Impact: CVSS V3 rating: 8.8 HIGH
Reported: 11 May 2017
Fixed: 22 November 2017
Affected Builds: Till Build 13450
Fixed in: Build 13500
Overview: Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request
Recommended Fix: Upgrade to Applications Manager Version 13500 or above.

Description

ManageEngine Applications Manager allowed for post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.

We recommend that you upgrade to Applications Manager version 13500 or above to fix this issue.
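
For teams reviewing an instance that ran an affected build, the following added example (not ManageEngine's code) triages web access logs for manageApplications.do?method=insert requests and flags name values that contain SQL metacharacters. The combined-log line format, the sample lines, the /other.do path and the metacharacter pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined-log style; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Nov/2017:10:01:02 +0000] "GET /manageApplications.do?method=insert&name=Payroll+Servers HTTP/1.1" 200 5120
10.0.0.9 - jdoe [12/Nov/2017:10:03:40 +0000] "GET /manageApplications.do?method=insert&name=Web%27%3B-- HTTP/1.1" 200 498
10.0.0.9 - jdoe [12/Nov/2017:10:04:11 +0000] "GET /other.do?method=insert&name=a%27b HTTP/1.1" 200 2210
10.0.0.7 - ops [12/Nov/2017:10:05:00 +0000] "POST /manageApplications.do?method=insert HTTP/1.1" 200 733
"""

# Assumed log layout: client, ident, authenticated user, timestamp, request line.
REQUEST = re.compile(r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] "[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Characters and tokens that have no place in an application name (assumed pattern).
SQL_META = re.compile(r"""['";\\]|--|/\*|\b(?:union|select)\b""", re.IGNORECASE)


def triage(log_text):
    """Return (line_no, user, verdict, name) for each method=insert request."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST.match(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        query = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
        if not url.path.endswith("/manageApplications.do"):
            continue
        if query.get("method") != ["insert"]:
            continue
        names = query.get("name")
        if names is None:
            # The parameter travelled in the request body, which access logs
            # do not record; these requests need review from another source.
            findings.append((line_no, match.group("user"), "name-not-logged", None))
            continue
        for name in names:
            verdict = "suspicious" if SQL_META.search(name) else "clean"
            findings.append((line_no, match.group("user"), verdict, name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Because the injection is post-authentication, the user field of each suspicious hit identifies the account whose session should be reviewed.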


Source and Acknowledgements

Find out more about CVE-2017-16542 from the CVE dictionary and NIST NVD.

Other Resources: https://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com
