Schedule demo
 
 

CVE-2019-19475

Privilege escalation exploit on PostgreSQL insecure file permission


Vulnerability Details
Impact CVSS V3 rating: 8.8 HIGH
Fixed 24 November 2019
Affected Builds Till Build 14420
Fixed in Build 14430
Overview Privilege escalation exploit on PostgreSQL insecure file permission.
Recommended Fix Upgrade Applications Manager to version 14430 or above.

Description- Security Update - CVE-2019-19475 Database

An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in "Authenticated Users" group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system.

We recommend you to upgrade Applications Manager to version 14430 to fix this issue.


Source and Acknowledgements

Find out more about CVE-2019-19475 from CVE Directory and NIST NVD.

Reported by:
Sittikorn Sangrattanapitak - Cybersecurity Researcher.
Nuttakorn Tungpoonsup - Secure D Center Research Team, Secure D Center Co.,Ltd.
Ammarit Thongthua - Secure D Center Research Team, Secure D Center Co.,Ltd.

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company