|Impact||CVSS V3 rating: 5.3 MEDIUM|
|Fixed||1 April 2020|
|Affected Builds||Till Build 14610|
|Fixed in||Build 14620|
|Overview||Remote unauthenticated user able to disclose file names under /working directory via FailOverHelperServlet.|
|Recommended Fix||Upgrade Applications Manager to version 14620 or above.|
ManageEngine Applications Manager version 14610 and below allowed a remote unauthenticated attacker to disclose OS file names under /working directory via FailOverHelperServlet.
We recommend you to upgrade Applications Manager to version 14620 or above to fix this issue.
Source and Acknowledgements