|Impact||CVSS V3 rating: 9.8 CRITICAL|
|Fixed||1 July 2020|
|Affected Builds||Below 14684
Between 14689 and 14740
|Fixed in||Build 14740 and above|
|Overview||Unauthenticated Remote Code Execution via SQL injection in REST API module.|
|Recommended Fix||Upgrade Applications Manager to version 14740 or above.|
In ManageEngine Application Manager 14.7 Build 14730, an unauthenticated SQL injection leading to RCE is possible in REST API module.
We recommend you to upgrade Applications Manager to version 14740 or above to fix this issue.
Source and Acknowledgements