|Impact||CVSS V3 rating: -|
|Fixed||18 March 2020|
|Affected Builds||Till Build 14590|
|Fixed in||Build 14600|
|Overview||Unauthenticated disclosure of license-related information via WieldFeedServlet servlet.|
|Recommended Fix||Upgrade Applications Manager to version 14600 or above.|
ManageEngine Applications Manager version 14590 and below allowed a remote unauthenticated attacker to disclose license-related information via WieldFeedServlet servlet. The remote unauthenticated attacker could download the license file information via WieldFeedServlet servlet, which could allow users to apply them in their Applications Manager-installed machines.
We recommend you to upgrade Applications Manager to version 14600 or above to fix this issue.
Source and Acknowledgements