|Impact||CVSS V3 rating: 7.2|
|Fixed||15 February 2022|
|Affected Builds||Version 15510 and below|
|Fixed in||Version 15511 and above|
|Overview||Insecure file upload by an authenticated admin user.|
|Recommended Fix||Upgrade Applications Manager to version 15511 or above.|
ManageEngine AppManager15 allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
We recommend you to upgrade Applications Manager to version 15511 or above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2022-23050 from CVE Directory and NIST NVD.
For clarification or corrections please contact our support team or email us at email@example.com