Schedule demo


Post-authentication SQL injection vulnerability

Vulnerability Details
Impact CVSS V3 rating: 8.8 HIGH
Reported 11 May 2017
Fixed 22 November 2017
Affected Builds Till Build 13450
Fixed in Build 13500
Overview Post-authentication SQL injection via the name parameter in a request
Recommended Fix Upgrade to Applications Manager Version 13500 or above.


ManageEngine Applications Manager allowed for post-authentication SQL injection via the name parameter in a request.

We recommend that you upgrade to Applications Manager version or above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2017-16542 from the CVE dictionary and NIST NVD.

Other Resources:

Need Help?

For clarification or corrections please contact our support team or email us at

You're in great company