Schedule demo
 
 

CVE-2018-13050

SQL Injection vulnerability in the j_username parameter


Vulnerability Details
Impact CVSS V3 rating: 9.8 CRITICAL
Reported 02 June 2018
Fixed 10 July 2018
Affected Builds Till Build 13790
Fixed in Build 13800
Overview SQL Injection vulnerability in the j_username parameter
Recommended Fix Upgrade to Applications Manager Version 13800 or above.

Description

A SQL Injection vulnerability existed in ManageEngine Applications Manager via the j_username parameter in a /j_security_check POST request.

We recommend that you upgrade to Applications Manager Version 13800 or above to fix this issue.


Source and Acknowledgements

Find out more about CVE-2018-13050 from the CVE dictionary and NIST NVD.

Other Resources: https://github.com/x-f1v3/ForCve/issues/1

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company