Schedule demo
 
 

CVE-2019-19800

Remote unauthenticated user able to disclose file names under /working directory via FailOverHelperServlet


Vulnerability Details
Impact CVSS V3 rating: 5.3 MEDIUM
Fixed 1 April 2020
Affected Builds Till Build 14610
Fixed in Build 14620
Overview Remote unauthenticated user able to disclose file names under /working directory via FailOverHelperServlet.
Recommended Fix Upgrade Applications Manager to version 14620 or above.

Description- Security Update - CVE-2019-19800 Database

ManageEngine Applications Manager version 14610 and below allowed a remote unauthenticated attacker to disclose OS file names under /working directory via FailOverHelperServlet.

We recommend you to upgrade Applications Manager to version 14620 or above to fix this issue.


Source and Acknowledgements

Find out more about CVE-2019-19800 from CVE Directory and NIST NVD.

Reported by:
Luis Alfredo Nunez Rincon - Cybersecurity Researcher

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company