|Impact||CVSS V3 rating:|
|Fixed||3 August 2020|
|Affected Builds||Till version 14780|
|Fixed in||Version 14790 and above|
|Overview||Unauthenticated remote user is allowed to register managed servers via AAMRequestProcessor servlet.|
|Recommended Fix||Upgrade Applications Manager to version 14790 or above.|
ManageEngine Applications Manager 14780 and before allow a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.
We recommend you to upgrade Applications Manager to version 14790 or above to fix this issue.
Source and Acknowledgements