Lucene search

[email protected]NVD:CVE-2016-9489

HistoryJul 13, 2018 - 8:29 p.m.

CVE-2016-9489

2018-07-1320:29:01

CWE-264

CWE-269

CWE-255

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.5%

JSON

In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like “ADMIN”. A user is also able to change properties of another user, e.g. change another user’s password.

Affected configurations

NVD

Node

zohocorpmanageengine_applications_managerMatch12.0

zohocorpmanageengine_applications_managerMatch13.0

References

seclists.org/fulldisclosure/2017/Apr/9

www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9489.html

www.securityfocus.com/bid/97394/

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for NVD:CVE-2016-9489

cve1 prion1 cvelist1 openvas1