Schedule demo
 
 

CVE-2017-16846

SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter


Vulnerability Details
Impact CVSS V3 rating: 9.8 CRITICAL
Reported 16 November 2017
Fixed 11 December 2017
Affected Builds Till Build 13520
Fixed in Build 13530
Overview SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
Recommended Fix Upgrade to Applications Manager Version 13530 or above.

Description

ManageEngine Applications Manager allowed SQL injection via the /manageApplications.do?method=AddSubGroup endpoint using the haid parameter.

We recommend that you upgrade to Applications Manager Version 13530 and above to fix this issue.


Source and Acknowledgements

Find out more about CVE-2017-16846 from the CVE dictionary and NIST NVD.

Other Resources: https://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company