Schedule demo
 
 

CVE-2019-19799

Unauthenticated disclosure of license-related information via WieldFeedServlet servlet


Vulnerability Details
Impact CVSS V3 rating: -
Fixed 18 March 2020
Affected Builds Till Build 14590
Fixed in Build 14600
Overview Unauthenticated disclosure of license-related information via WieldFeedServlet servlet.
Recommended Fix Upgrade Applications Manager to version 14600 or above.

Description- Security Update - CVE-2019-19799 Database

ManageEngine Applications Manager version 14590 and below allowed a remote unauthenticated attacker to disclose license-related information via WieldFeedServlet servlet. The remote unauthenticated attacker could download the license file information via WieldFeedServlet servlet, which could allow users to apply them in their Applications Manager-installed machines.

We recommend you to upgrade Applications Manager to version 14600 or above to fix this issue.


Source and Acknowledgements

Find out more about CVE-2019-19799 from CVE Directory and NIST NVD.

Reported by:
Luis Alfredo Nunez Rincon - Cybersecurity Researcher

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company