|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-09-06 | |
| Rule Name: | ManageEngine Applications Manager MenuHandlerServlet SQL Injection Vulnerability -1 (CVE-2016-9488) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the config_id parameter when processing requests sent to MenuHandlerServlet servlet. ManageEngine Applications Manager 12 and 13 are vulnerable. | |
| Impact: | An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the operating system, gain elevated privileges or cause denial-of-service conditions. | |
| Affected OS: | Windows, Linux | |
| Reference: | CVE-2016-9488 |
|
| Solutions |
|---|
| Please replace the product with an unaffected version. |