Applications Manager Security Vulnerabilities and Issues — Applications Manager CVE List

Lucene search

ManageengineApplications Manager

8 matches found

CVE•added 2018/06/05 2:29 p.m.•64 views

CVE-2016-9488

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which...

9.8CVSS10AI score0.05652EPSS

CVE•added 2012/02/14 12:55 a.m.•58 views

CVE-2012-1062

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) h...

4.3CVSS5.6AI score0.00475EPSS

CVE•added 2018/06/05 2:29 p.m.•43 views

CVE-2016-9490

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also avai...

6.1CVSS6AI score0.00852EPSS

CVE•added 2012/02/14 12:55 a.m.•41 views

CVE-2012-1063

Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.

7.5CVSS8.8AI score0.00403EPSS

CVE•added 2008/01/29 8:0 p.m.•39 views

CVE-2008-0475

ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

5CVSS6.2AI score0.00283EPSS

CVE•added 2008/03/31 10:44 p.m.•35 views

CVE-2008-1566

Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

4.3CVSS5.5AI score0.00296EPSS

CVE•added 2008/01/29 8:0 p.m.•32 views

CVE-2008-0476

ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details ...

6.4CVSS6.5AI score0.00299EPSS

CVE•added 2008/01/29 8:0 p.m.•28 views

CVE-2008-0474

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) res...

4.3CVSS5.6AI score0.00305EPSS