Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCertccCVELIST:CVE-2016-9491
HistoryJul 13, 2018 - 8:00 p.m.

CVE-2016-9491 ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity

2018-07-1320:00:00
CWE-611
certcc
www.cve.org
2

AI Score

5

Confidence

High

EPSS

0.001

Percentile

44.9%

JSON

ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system.

CNA Affected

[
  {
    "product": "Applications Manager",
    "vendor": "ManageEngine",
    "versions": [
      {
        "status": "affected",
        "version": "12"
      },
      {
        "status": "affected",
        "version": "13"
      }
    ]
  }
]

Related

cve 1
prion 1
nvd 1
cve
cve
CVE-2016-9491
2018-07-13 20:29:01
prion
prion
Design/Logic Flaw
2018-07-13 20:29:00
nvd
nvd
CVE-2016-9491
2018-07-13 20:29:01

AI Score

5

Confidence

High

EPSS

0.001

Percentile

44.9%

JSON
Related for CVELIST:CVE-2016-9491
cve1prion1nvd1