|Impact||CVSS V3 rating:|
|Fixed||15 February 2022|
|Affected Builds||Version 15510 and below|
|Fixed in||Version 15511 and above|
|Overview||Insecure file upload by an authenticated admin user.|
|Recommended Fix||Upgrade Applications Manager to version 15511 or above.|
ManageEngine AppManager15 allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
We recommend you to upgrade Applications Manager to version 15511 or above to fix this issue.
Source and Acknowledgements