# CVE-2019-19799

## Unauthenticated disclosure of license-related information via WieldFeedServlet servlet

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating: -** |
| Fixed | 18 March 2020 |
| Affected Builds | Till Build 14590 |
| Fixed in | Build 14600 |
| Overview | Unauthenticated disclosure of license-related information via WieldFeedServlet servlet. |
| Recommended Fix | **Upgrade Applications Manager to version 14600 or above.** |

## Description- Security Update - CVE-2019-19799 Database

ManageEngine Applications Manager version 14590 and below allowed a remote unauthenticated attacker to disclose license-related information via WieldFeedServlet servlet. The remote unauthenticated attacker could download the license file information via WieldFeedServlet servlet, which could allow3—4users to apply them in their Applications Manager-installed machines.

We recommend you to upgrade Applications Manager to version 14600 or above to fix this issue.

## Source and Acknowledgements

Find out more about CVE-2019-19799 from [CVE Directory](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19799) and [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2019-19799).

**Reported by:**
Luis Alfredo Nunez Rincon - Cybersecurity Researcher

## Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/products/applications_manager/support.html) or email us at [appmanager-support@manageengine.com](mailto:appmanager-support@manageengine.com)