CVE-2016-9498 ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application...

CVE-2016-9498

CVE-2016-9498 affects ManageEngine Applications Manager 12 and 13 before build 13200. An insecure deserialization flaw in the included Apache Commons Collections library enables a remote, unauthenticated attacker to craft messages to the RMI service (port 11099/TCP) and execute arbitrary code, po...

ManageEngine Applications Manager < 13200 Multiple Vulnerabilities

ManageEngine Applications Manager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization (CVE-2016-9498)

An insecure deserialization vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker can exploit...