Vulnerability Details | |
---|---|
Impact | CVSS V3 rating: 9.8 CRITICAL |
Reported | 16 November 2017 |
Fixed | 11 December 2017 |
Affected Builds | Till Build 13520 |
Fixed in | Build 13530 |
Overview | SQL injection via the resourceid parameter. |
Recommended Fix | Upgrade to Applications Manager Version 13530 or above. |
ManageEngine Applications Manager allowed SQL injection via the resourceid parameter while rendering the plasma view.
We recommend that you upgrade to Applications Manager Version 13530 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2017-16847 from the CVE dictionary and NIST NVD.
Other Resources: http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html
For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com